diff --git a/php/src/Controller/DesecController.php b/php/src/Controller/DesecController.php
index bec4ddc4..b72ca71d 100644
--- a/php/src/Controller/DesecController.php
+++ b/php/src/Controller/DesecController.php
@@ -11,7 +11,6 @@ use Psr\Http\Message\ServerRequestInterface as Request;
 
 readonly class DesecController {
     private const string DESEC_API_BASE = 'https://desec.io/api/v1';
-    private const string DEDYN_SUFFIX = '.dedyn.io';
     private const int MAX_SLUG_ATTEMPTS = 5;
     private const int SLUG_BYTES = 5; // bin2hex → 10-char slug
     private const string SLUG_PATTERN = '/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/';
@@ -57,7 +56,8 @@ readonly class DesecController {
 
         try {
             if (!$accountAlreadyRegistered) {
-                // 24 random bytes → 48-char hex password, stored so the user can log in at desec.io.
+                // 24 random bytes produce a 48-char hex password, satisfying deSEC's minimum
+                // length requirement and stored so the user can log in at desec.io if needed.
                 $password = bin2hex(random_bytes(24));
                 $token = $this->registerDesecAccount($email, $password);
 
@@ -158,7 +158,7 @@ readonly class DesecController {
         $attempts = $random ? self::MAX_SLUG_ATTEMPTS : 1;
 
         for ($i = 0; $i < $attempts; $i++) {
-            $domain = ($random ? bin2hex(random_bytes(self::SLUG_BYTES)) : $slug) . self::DEDYN_SUFFIX;
+            $domain = ($random ? bin2hex(random_bytes(self::SLUG_BYTES)) : $slug) . ConfigurationManager::DEDYN_SUFFIX;
 
             try {
                 $res = $this->guzzleClient->post(self::DESEC_API_BASE . '/domains/', [
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d0ae54fe..7ee57fe4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -8,6 +8,8 @@ use AIO\Controller\DockerController;
 
 class ConfigurationManager
 {
+    public const string DEDYN_SUFFIX = '.dedyn.io';
+
     private array $secrets = [];
 
     private array $config = [];
@@ -228,7 +230,7 @@ class ConfigurationManager
     }
 
     public function isDesecDomain(): bool {
-        return str_ends_with($this->domain, '.dedyn.io') && $this->desecToken !== '';
+        return str_ends_with($this->domain, self::DEDYN_SUFFIX) && $this->desecToken !== '';
     }
 
     public function isDesecAccountRegistered(): bool {