diff --git a/terraform/cloud-init.yaml.tpl b/terraform/cloud-init.yaml.tpl
index 1ddec74..ce5f628 100644
--- a/terraform/cloud-init.yaml.tpl
+++ b/terraform/cloud-init.yaml.tpl
@@ -30,7 +30,7 @@ cat << 'EOF' > /etc/nginx/sites-available/${project_name}
 server {
     root /var/www/${project_name};
     index index.html;
-    server_name ${DOMAIN} www.${DOMAIN};
+    server_name ${domain} www.${domain};
 
     location ~* \.(js|css)$ {
         add_header Cache-Control "no-cache, no-store, must-revalidate";
@@ -50,8 +50,8 @@ server {
 
     listen [::]:443 ssl ipv6only=on;
     listen 443 ssl;
-    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
@@ -59,7 +59,7 @@ server {
 server {
     listen 80;
     listen [::]:80;
-    server_name ${DOMAIN} www.${DOMAIN};
+    server_name ${domain} www.${domain};
     return 301 https://$host$request_uri;
 }
 EOF
@@ -139,7 +139,7 @@ chown -R www-data:www-data /var/www/${project_name}
 systemctl start contact-api.service
 
 # Get SSL certificate
-certbot --nginx --non-interactive --agree-tos --email noreply@krustyplanet.org -d ${DOMAIN} -d www.${DOMAIN}
+certbot --nginx --non-interactive --agree-tos --email noreply@krustyplanet.org -d ${domain} -d www.${domain}
 
 # Enable certbot auto-renewal
 systemctl enable certbot.timer