diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 605cb93b1831b9303b91607725d43ddaa4f0c0b2..85c39c7271e9273b5e299980ebf7a46849bc9457 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -122,26 +122,6 @@ in {
       description = "ZKAP Issuer";
       wantedBy = [ "multi-user.target" ];
 
-      # Make sure we have a certificate the first time, if we are running over
-      # TLS and require a certificate.
-      # ACME will issue an interim self-signed certificate, which we want to
-      # use at least in the local dev network.  But if ACME cannot get the
-      # created key signed by LE (probably because the host is not reachable
-      # from outside, or the domain is not a legit TLD) the ACME cert service
-      # will "fail". We still want to start our PaymentServer. Hence a weaker
-      # "wants" instead of a "requires" dependency.
-      # When ACME receives a fully signed cert from LE, it will reload NGINX.
-      wants = lib.optional cfg.tls "${certServiceName}.service";
-
-      after = [
-        # Make sure there is a network so we can bind to all of the
-        # interfaces.
-        "network.target"
-      ] ++
-        # Make sure we run after the certificate is issued, if we are running
-        # over TLS and require a certificate.
-        lib.optional cfg.tls "${certServiceName}.service";
-
       # It really shouldn't ever exit on its own!  If it does, it's a bug
       # we'll have to fix.  Restart it and hope it doesn't happen too much
       # before we can fix whatever the issue is.