diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index 2156c73..3aa2abf 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -67,9 +67,16 @@ services:
       - "--providers.docker.network=web,request"
       - "--providers.file.directory=/etc/traefik/dynamic"
       - "--providers.file.watch=true"
-      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=90"
       - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
       - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    environment:
+    # Pass the variables through
+      - DESEC_TOKEN=${DESEC_TOKEN}
+      - DESEC_DOMAIN=${DESEC_DOMAIN}
+      # (Any other Traefik env vars you need)
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "/docker/traefik/letsencrypt:/letsencrypt"
@@ -96,6 +103,26 @@ services:
       - KEEPALIVED_VIRTUAL_IPS=172.16.201.2/24 # THE FLOATING IP
       - KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY} # 150 for Master, 100 for Backup
       - KEEPALIVED_PASSWORD=${DNS_ADMIN_PASSWORD}
+  # DDNS UPDATER (IP Updates)
+  ddns:
+    image: qdm12/ddns-updater
+    container_name: ddns
+    restart: unless-stopped
+    ports:
+      - "8000:8000/tcp"
+    environment:
+      - TZ=America/Edmonton
+      - PERIOD=5m
+      - PUBLICIP_FETCHERS=all
+      - IP_METHOD=provider
+      
+      # The Variable Injection
+      # Format: provider, host, username, password
+      # For deSEC: username IS the domain name.
+      - CONFIG=desec,${DESEC_DOMAIN},${DESEC_DOMAIN},${DESEC_TOKEN}
+      
+    volumes:
+      - /docker/core/ddns:/updater/data
 
 networks:
   guac_external: