diff --git a/config.yml b/config.yml
index fb0adb5..c1c0595 100644
--- a/config.yml
+++ b/config.yml
@@ -82,8 +82,6 @@ domain:
 # External domains will have a TLS key/cert generated and signed for them, but
 # which will not be served by domani itself. The key/cert files will be placed
 # in the configured paths.
- #
- # HTTPS must be enabled for external_domains to be used.
 #external_domains:
 #example.com
 # tls_key_path: /dir/path/key.pem
diff --git a/src/main.rs b/src/main.rs
index 625a33f..10f5be4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -74,10 +74,6 @@ async fn main() {
 }
 }
 
- if !config.domain.external_domains.is_empty() && config.service.http.https_addr.is_none() {
- panic!("https must be enabled to use external_domains")
- }
-
 config
 };
 
@@ -87,7 +83,9 @@ async fn main() {
 return;
 };
 
+ let https_enabled = config.service.http.https_addr.is_some();
 let gemini_enabled = config.service.gemini.gemini_addr.is_some();
+ let external_domains_enabled = !config.domain.external_domains.is_empty();
 
 let origin_store = domani::origin::git::FSStore::new(&config.origin)
 .expect("git origin store initialization failed");
@@ -103,7 +101,7 @@ async fn main() {
 domani::domain::store::FSStore::new(&config.domain.store_dir_path.join("domains"))
 .expect("domain config store initialization failed");
 
- let domain_acme_manager = if config.service.http.https_addr.is_some() {
+ let domain_acme_manager = if https_enabled || external_domains_enabled {
 let acme_config = config
 .domain
 .acme
diff --git a/src/service/http.rs b/src/service/http.rs
index 317fa0d..36b9950 100644
--- a/src/service/http.rs
+++ b/src/service/http.rs
@@ -66,8 +66,6 @@ impl Service {
 where
 CertResolver: rustls::server::ResolvesServerCert + 'static,
 {
- let https_enabled = config.http.https_addr.is_some();
-
 let service = sync::Arc::new(Service {
 domain_manager: domain_manager.clone(),
 cert_resolver: sync::Arc::from(cert_resolver),
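Review bot: In src/main.rs at `@@ -103,7 +101,7 @@`, the condition `https_enabled || external_domains_enabled` now builds the ACME manager while HTTPS is off, and nothing at that line explains why or limits what the manager does in that mode. I would add a comment above the `let`, for example `// external_domains still need certs issued and written to disk when domani serves no HTTPS itself`. The `if` body continues outside the hunk, so it is not visible how a missing `config.domain.acme` is reported; if that message mentions only HTTPS it should name external_domains too, since the startup panic removed in the `@@ -74,10 +74,6 @@` hunk was the only visible place that tied the two settings together. It is also worth confirming that in this mode certificates are requested only for the configured external domains, as issuing for every managed domain would create private keys that nothing serves.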
@@ -79,13 +77,17 @@ impl Service {
 
 task_stack.push_spawn(|canceller| tasks::listen_http(service.clone(), canceller));
 
- if https_enabled {
+ if service.https_enabled() {
 task_stack.push_spawn(|canceller| tasks::listen_https(service.clone(), canceller));
 }
 
 service
 }
 
+ fn https_enabled(&self) -> bool {
+ self.config.http.https_addr.is_some()
+ }
+
 fn serve(&self, status_code: u16, path: &str, body: Body) -> Response {
 match Response::builder()
 .status(status_code)
@@ -125,7 +127,7 @@ impl Service {
 }
 
 fn presenter_http_scheme(&self) -> &str {
- if self.config.http.https_addr.is_some() {
+ if self.https_enabled() {
 return "https";
 }
 "http"
@@ -542,7 +544,7 @@ impl Service {
 // - /.well-known urls
 // - proxied domains with https_disabled set on them
 // everything else must use https if possible.
- let https_upgradable = self.config.http.https_addr.is_some() && !req_is_https;
+ let https_upgradable = self.https_enabled() && !req_is_https;
 
 if let Some(config) = self.proxied_domains.get(&domain) {
 if config.http_url.is_none() {
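Review bot: The new `https_enabled()` helper in src/service/http.rs (`@@ -79,13 +77,17 @@`) has no doc comment, and after this commit "a certificate exists for a domain" and "this service listens on HTTPS" are no longer the same condition, because main.rs now creates the ACME manager for external_domains alone. A line such as `/// True when an HTTPS listen address is configured, i.e. this service serves HTTPS itself.` would make clear that the scheme returned by `presenter_http_scheme` and the `https_upgradable` redirect decision (the `@@ -125,7 +127,7 @@` and `@@ -542,7 +544,7 @@` hunks) key off the listener, not off certificate availability. The body of the constructor that spawns `listen_https` starts outside the hunk.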