diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 8a015bb3556c1..4c4b7f39e6bb6 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -693,6 +693,10 @@ in
       wantedBy = [ "multi-user.target" ];
       wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts);
       after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts;
+      # Nginx needs to be started in order to be able to request certificates
+      # (it's hosting the acme challenge after all)
+      # This fixes https://github.com/NixOS/nixpkgs/issues/81842
+      before = map (vhostConfig: "acme-${vhostConfig.serverName}.service") acmeEnabledVhosts;
       stopIfChanged = false;
       preStart = ''
         ${cfg.preStart}
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index f871d0ea5fcf5..826dd8f97d1fb 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -71,9 +71,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
         after = [ "acme-a.example.test.service" ];
         wantedBy = [ "acme-a.example.test.service" ];
       };
-      systemd.services."acme-a.example.test" = {
-        after = [ "nginx.service" ];
-      };
 
       services.nginx.enable = true;
 
@@ -93,9 +90,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
           after = [ "acme-b.example.test.service" ];
           wantedBy = [ "acme-b.example.test.service" ];
         };
-        systemd.services."acme-b.example.test" = {
-          after = [ "nginx.service" ];
-        };
         services.nginx.virtualHosts."b.example.test" = {
           enableACME = true;
           forceSSL = true;