diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index 4105f9e..6237a45 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -593,11 +593,11 @@ retention:
 # any intermediate certificates (for instance, if using certbot, use
 # `fullchain.pem` as your certificate, not `cert.pem`).
 #
-#tls_certificate_path: "/data/foo.com.tls.crt"
+#tls_certificate_path: "/data/{{ env "DOMAIN" }}.tls.crt"
 
 # PEM-encoded private key for TLS
 #
-#tls_private_key_path: "/data/foo.com.tls.key"
+#tls_private_key_path: "/data/{{ env "DOMAIN" }}.tls.key"
 
 # Whether to verify TLS server certificates for outbound federation requests.
 #
@@ -778,7 +778,7 @@ database:
 # A yaml python logging config file as described by
 # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 #
-log_config: "/data/foo.com.log.config"
+log_config: "/data/{{ env "DOMAIN" }}.config"
 
 
 ## Ratelimiting ##
@@ -1456,7 +1456,7 @@ form_secret: "I@#lMS0V3@HRB~b0nvA&Di29uK^l5K@Sm=Ima+:.CKlldwP6&s"
 
 # Path to the signing key to sign messages with
 #
-signing_key_path: "/data/foo.com.signing.key"
+signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
 
 # The keys that the server used to sign messages with but won't use
 # to sign new messages.