diff --git a/pkg/api/api.go b/pkg/api/api.go
index d921a58..be306a6 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"net/http"
+	"time"
 
 	"github.com/joohoi/acme-dns/pkg/acmedns"
 
@@ -67,10 +68,13 @@ func (a *AcmednsAPI) Start(dnsservers []acmedns.AcmednsNS) {
 		}
 		cfg.GetCertificate = magic.GetCertificate
 		srv := &http.Server{
-			Addr:      host,
-			Handler:   c.Handler(api),
-			TLSConfig: cfg,
-			ErrorLog:  stderrorlog,
+			Addr:         host,
+			Handler:      c.Handler(api),
+			TLSConfig:    cfg,
+			ErrorLog:     stderrorlog,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
+			IdleTimeout:  120 * time.Second,
 		}
 		a.Logger.Infow("Listening HTTPS",
 			"host", host,
@@ -78,10 +82,13 @@ func (a *AcmednsAPI) Start(dnsservers []acmedns.AcmednsNS) {
 		err = srv.ListenAndServeTLS("", "")
 	case acmedns.ApiTlsProviderCert:
 		srv := &http.Server{
-			Addr:      host,
-			Handler:   c.Handler(api),
-			TLSConfig: cfg,
-			ErrorLog:  stderrorlog,
+			Addr:         host,
+			Handler:      c.Handler(api),
+			TLSConfig:    cfg,
+			ErrorLog:     stderrorlog,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
+			IdleTimeout:  120 * time.Second,
 		}
 		a.Logger.Infow("Listening HTTPS",
 			"host", host,
diff --git a/pkg/nameserver/initialize.go b/pkg/nameserver/initialize.go
index c53909e..a6bcf6e 100644
--- a/pkg/nameserver/initialize.go
+++ b/pkg/nameserver/initialize.go
@@ -24,6 +24,7 @@ type Nameserver struct {
 	OwnDomain         string
 	NotifyStartedFunc func()
 	SOA               dns.RR
+	mu                sync.RWMutex
 	personalAuthKey   string
 	Domains           map[string]Records
 	errChan           chan error
diff --git a/pkg/nameserver/validation.go b/pkg/nameserver/validation.go
index ba9bf2b..6296d1c 100644
--- a/pkg/nameserver/validation.go
+++ b/pkg/nameserver/validation.go
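Review bot: The three timeout fields are written out twice — in this `http.Server` literal and again in the `ApiTlsProviderCert` literal of the following hunk — so any later change to the limits has to be made in two places, and a further listener built elsewhere in `Start` (a plain-HTTP path, if one exists outside these hunks) can easily be left without them. A small constructor that takes the per-branch inputs and returns the configured `*http.Server` keeps the limits in one place; `Start` begins and ends outside both hunks, so the helper would sit beside it in api.go (the `errorLog` parameter type follows `http.Server.ErrorLog`). The chosen values are plausible for an API that exchanges small JSON bodies, but a one-line comment on the helper explaining that they exist to bound slow and idle clients would save the next reader from guessing.
```go
// newAPIServer returns an http.Server for host with the shared read/write/idle
// limits applied, so every listener started by Start gets the same bounds on
// slow and idle clients.
func newAPIServer(host string, handler http.Handler, cfg *tls.Config, errorLog *log.Logger) *http.Server {
	return &http.Server{
		Addr:         host,
		Handler:      handler,
		TLSConfig:    cfg,
		ErrorLog:     errorLog,
		ReadTimeout:  5 * time.Second,
		WriteTimeout: 10 * time.Second,
		IdleTimeout:  120 * time.Second,
	}
}

// … unchanged: certificate setup in each branch …
		srv := newAPIServer(host, c.Handler(api), cfg, stderrorlog)
```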
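Review bot: The new `mu` field carries no comment saying which fields it protects; in this commit validation.go takes it only around `personalAuthKey`, so a reader could wrongly assume `Domains` or the other fields are covered as well. Suggest `mu sync.RWMutex // guards personalAuthKey; extend this list if other fields come under the lock`. Embedding a mutex also means a `Nameserver` must no longer be copied by value (`go vet`'s copylocks check will flag it), and the hunk does not show whether initialize.go already imports `sync`, so both are worth confirming. The struct definition continues outside the hunk.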
@@ -4,11 +4,15 @@ import "github.com/miekg/dns"
 
 // SetOwnAuthKey sets the ACME challenge token for completing dns validation for acme-dns server itself
 func (n *Nameserver) SetOwnAuthKey(key string) {
+	n.mu.Lock()
+	defer n.mu.Unlock()
 	n.personalAuthKey = key
 }
 
 // answerOwnChallenge answers to ACME challenge for acme-dns own certificate
 func (n *Nameserver) answerOwnChallenge(q dns.Question) ([]dns.RR, error) {
+	n.mu.RLock()
+	defer n.mu.RUnlock()
 	r := new(dns.TXT)
 	r.Hdr = dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 1}
 	r.Txt = append(r.Txt, n.personalAuthKey)
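Review bot: `answerOwnChallenge` holds the read lock for the whole function, which continues past the end of the hunk, although the shared field is read exactly once; copying it out under the lock keeps the critical section to a single line and removes any chance of a self-deadlock should the rest of the function or one of its callers ever take `n.mu` (`sync.RWMutex` is not reentrant). Replace the two added lines with `n.mu.RLock()` / `key := n.personalAuthKey` / `n.mu.RUnlock()` and use `key` in the `append`. The `SetOwnAuthKey` comment could also state that the method is safe for concurrent use now that it locks. Any other read or write of `personalAuthKey` outside these two methods, if one exists, must take the same lock for the field to be race-free.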