diff --git a/docker/mediamtx/mirror/.env.example b/docker/mediamtx/mirror/.env.example
index f0ed859..12148c7 100644
--- a/docker/mediamtx/mirror/.env.example
+++ b/docker/mediamtx/mirror/.env.example
@@ -1,4 +1,5 @@
 ACME_EMAIL=ops@hackclub.tv
+CF_DNS_API_TOKEN=cloudflare_dns_edit_token
 
 # public hostnames and stuff
 MEDIAMTX_HLS_HOST=hls.hackclub.tv
diff --git a/docker/mediamtx/mirror/docker-compose.yml b/docker/mediamtx/mirror/docker-compose.yml
index bc05f23..3a025d4 100644
--- a/docker/mediamtx/mirror/docker-compose.yml
+++ b/docker/mediamtx/mirror/docker-compose.yml
@@ -10,9 +10,11 @@ services:
       - --entrypoints.webrtc-ice.address=:8189/udp
       - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
       - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
-      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
-      - --log.level=DEBUG
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+    environment:
+      CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
     ports:
       - 80:80
       - 443:443