diff --git a/roles/mta_sts/templates/nginx.d.conf.j2 b/roles/mta_sts/templates/nginx.d.conf.j2
index f17ebec4e4408f3aed68a13710c8302cc0d71276..f17e5619fcdeb114fb2621d1ec36a41ceed26b6c 100644
--- a/roles/mta_sts/templates/nginx.d.conf.j2
+++ b/roles/mta_sts/templates/nginx.d.conf.j2
@@ -32,6 +32,7 @@ server {
 
     location = /.well-known/mta-sts.txt {
         default_type text/plain;
+        # Remember to bump the MTA-STS id in tf-stage1/archlinux.tf
         return 200 'version: STSv1\nmode: enforce\nmax_age: 2592000\nmx: {{ config.mx | join('\\nmx: ')}}\n';
     }
 
diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf
index 06d7e16fc9fd68b1c20d159c043db172cd05d259..995d9a857b76bdce1510d474cc0b62acd13a5290 100644
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -193,8 +193,8 @@ locals {
     "_smtp._tls.aur"        = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
     "_smtp._tls.master-key" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
     "_smtp._tls.lists"      = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
-    # Generated with: date +%s
-    "_mta-sts"   = { value = "v=STSv1; id=1608210175" }
+    # Generated with: date +%Y%m%d01
+    "_mta-sts"   = { value = "v=STSv1; id=2022051601" }
     "@"          = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
     "mail"       = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
     "aur"        = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }