diff --git a/common-prod/overlay/etc/hiera/data/group.yaml b/common-prod/overlay/etc/hiera/data/group.yaml
index dbcf360..c70be9c 100644
--- a/common-prod/overlay/etc/hiera/data/group.yaml
+++ b/common-prod/overlay/etc/hiera/data/group.yaml
@@ -9,3 +9,18 @@ mariadb_cluster_nodes:
   - 89.47.185.115 # internal-sto1-prod-db-1.geteduroam.sunet.se
   - 89.47.190.224 # internal-dco-prod-db-2.geteduroam.sunet.se
 
+acmed_primary: internal-sto1-prod-radius-1.geteduroam.sunet.se
+acmed_agent_ips:
+  - 89.47.191.170
+  - 2001:6b0:7d:40::3a9
+
+#acmed_agent_ssh_keys_db:
+#   'internal-dco-prod-radius-2':
+#      key  : 'AAAAC3NzaC1lZDI1NTE5AAAAIDaDxm15BEYlrIqUigpQvZ4z6CNChCsyAmM2oMU1gkoP'
+#      type : 'ssh-ed25519'
+#      name : 'internal-dco-prod-radius-2'
+#      options : 'command="/usr/bin/rrsync /etc/letsencrypt/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+#acmed_agent_ssh_keys_mapping:
+#  'root':
+#    - 'internal-dco-test-radius-2'
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 5573332..e836cdf 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -169,3 +169,12 @@ internal-sto1-prod-radius-1.geteduroam.sunet.se:
     realm: v1.geteduroam.se
     app: false
   sunet::certbot::acmed:
+
+internal-dco-prod-radius-2.geteduroam.sunet.se:
+  sunet::dockerhost2:
+  sunet::geteduroam:
+    domain: geteduroam.se
+    realm: v1.geteduroam.se
+    app: false
+  sunet::certbot::acmed:
+    agent: true