diff --git a/modules/servers/homepage/services.nix b/modules/servers/homepage/services.nix
index 0d77d57..cf0c0a6 100644
--- a/modules/servers/homepage/services.nix
+++ b/modules/servers/homepage/services.nix
@@ -130,7 +130,7 @@
     };
   "qbittorrent server" =
     let
-      url = "http://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
+      url = "https://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
       name = "qbittorrent";
     in
     lib.mkIf config.my.servers.qbittorrent.enable {
@@ -145,7 +145,7 @@
     };
   "qbittorrent miniserver" =
     let
-      url = "http://${config.my.ips.miniserver}:${toString config.my.servers.qbittorrent.port}";
+      url = "https://${config.my.ips.miniserver}:${toString config.my.servers.qbittorrent.port}";
       name = "qbittorrent";
     in
     lib.mkIf config.my.servers.qbittorrent.enable {
@@ -161,7 +161,7 @@
   sabnzbd =
     let
       name = "sabnzbd";
-      url = "http://${config.my.ips.server}:${toString config.my.servers.sabnzbd.port}";
+      url = "https://${config.my.ips.server}:${toString config.my.servers.sabnzbd.port}";
     in
     {
       icon = "${name}.png";
diff --git a/modules/servers/qbittorrent.nix b/modules/servers/qbittorrent.nix
index 0848983..2623bfb 100644
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -50,20 +50,20 @@ in
     home-manager.users.jawz.xdg.configFile."unpackerr.conf" =
       lib.mkIf config.my.servers.unpackerr.enable
         { source = ../../dotfiles/unpackerr.conf; };
-    sops.secrets = {
-      "certificates/qbit_cert" = {
-        sopsFile = ../../secrets/keys.yaml;
-        owner = config.users.users.jawz.name;
-        inherit (config.users.users.jawz) group;
-        path = "/home/jawz/.config/qBittorrent/ssh/server.crt";
+    sops.secrets =
+      let
+        mkQbitSecret = file: mode: {
+          inherit mode;
+          inherit (config.users.users.jawz) group;
+          sopsFile = ../../secrets/keys.yaml;
+          owner = config.users.users.jawz.name;
+          path = "/home/jawz/.config/qBittorrent/ssl/${file}";
+        };
+      in
+      {
+        "certificates/qbit_cert" = mkQbitSecret "server.crt" "0644";
+        "certificates/qbit_key" = mkQbitSecret "server.key" "0600";
       };
-      "certificates/qbit_key" = {
-        sopsFile = ../../secrets/keys.yaml;
-        owner = config.users.users.jawz.name;
-        inherit (config.users.users.jawz) group;
-        path = "/home/jawz/.config/qBittorrent/ssh/server.key";
-      };
-    };
     systemd = {
       packages = [ pkgs.qbittorrent-nox ];
       services = {