diff --git a/pizauth.conf.5 b/pizauth.conf.5
index 82d1e73..9df9dd6 100644
--- a/pizauth.conf.5
+++ b/pizauth.conf.5
@@ -36,22 +36,22 @@ is set to the error message.
 Defaults to logging via
 .Xr syslog 3
 if not specified.
-.It Sy http_listen = Em off | Qo Em bind-name Qc ;
+.It Sy http_listen = Em none | Qo Em bind-name Qc ;
 specifies the address for the
 .Xr pizauth 1
 HTTP server to listen on.
 If
-.Em off
+.Em none
 is specified, the HTTP server is turned off entirely.
 Note that at least one of the HTTP and HTTPS servers must be turned on.
 Defaults to
 .Qq 127.0.0.1:0 .
-.It Sy https_listen = Em off | Qo Em bind-name Qc ;
+.It Sy https_listen = Em none | Qo Em bind-name Qc ;
 specifies the address for the
 .Xr pizauth 1
 HTTPS server to listen on.
 If
-.Em off
+.Em none
 is specified, the HTTPS server is turned off entirely.
 Note that at least one of the HTTP and HTTPS servers must be turned on.
 Defaults to
diff --git a/src/config.l b/src/config.l
index 715a772..35bf210 100644
--- a/src/config.l
+++ b/src/config.l
@@ -22,7 +22,7 @@ error_notify_cmd "ERROR_NOTIFY_CMD"
 http_listen "HTTP_LISTEN"
 https_listen "HTTPS_LISTEN"
 login_hint "LOGIN_HINT"
-off "OFF"
+none "NONE"
 refresh_retry "REFRESH_RETRY"
 redirect_uri "REDIRECT_URI"
 refresh_before_expiry "REFRESH_BEFORE_EXPIRY"
diff --git a/src/config.rs b/src/config.rs
index a1bee47..ac01eb8 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -134,7 +134,7 @@ impl Config {
                                 http_listen,
                             )?))
                         }
-                        config_ast::TopLevel::HttpListenOff(span) => {
+                        config_ast::TopLevel::HttpListenNone(span) => {
                             check_not_assigned(&lexer, "http_listen", span, http_listen)?;
                             http_listen = Some(None)
                         }
@@ -146,7 +146,7 @@ impl Config {
                                 https_listen,
                             )?))
                         }
-                        config_ast::TopLevel::HttpsListenOff(span) => {
+                        config_ast::TopLevel::HttpsListenNone(span) => {
                             check_not_assigned(&lexer, "https_listen", span, https_listen)?;
                             https_listen = Some(None)
                         }
@@ -198,7 +198,7 @@ impl Config {
         }
 
         if let (&Some(None), &Some(None)) = (&http_listen, &https_listen) {
-            return Err("Cannot turn both http_listen or https_listen off".into());
+            return Err("Cannot set both http_listen and https_listen to 'none'".into());
         }
 
         if accounts.is_empty() {
@@ -210,14 +210,14 @@ impl Config {
                 match https_listen {
                     Some(Some(_)) | None => (),
                     Some(None) => {
-                        return Err(format!("Account {act_name} has an 'https' redirect but the HTTPS server is turned off"));
+                        return Err(format!("Account {act_name} has an 'https' redirect but the HTTPS server is set to 'none'"));
                     }
                 }
             } else if act.redirect_uri.starts_with("http") {
                 match http_listen {
                     Some(Some(_)) | None => (),
                     Some(None) => {
-                        return Err(format!("Account {act_name} has an 'http' redirect but the HTTP server is turned off"));
+                        return Err(format!("Account {act_name} has an 'http' redirect but the HTTP server is set to 'none'"));
                     }
                 }
             }
@@ -810,7 +810,7 @@ mod test {
             Err(s) if s.contains("Mustn't specify 'http_listen' more than once") => (),
             _ => panic!(),
         }
-        match Config::from_str(r#"http_listen = off; http_listen = "a";"#) {
+        match Config::from_str(r#"http_listen = none; http_listen = "a";"#) {
             Err(s) if s.contains("Mustn't specify 'http_listen' more than once") => (),
             _ => panic!(),
         }
@@ -818,7 +818,7 @@ mod test {
             Err(s) if s.contains("Mustn't specify 'https_listen' more than once") => (),
             _ => panic!(),
         }
-        match Config::from_str(r#"https_listen = off; https_listen = "a";"#) {
+        match Config::from_str(r#"https_listen = none; https_listen = "a";"#) {
             Err(s) if s.contains("Mustn't specify 'https_listen' more than once") => (),
             _ => panic!(),
         }
@@ -858,8 +858,8 @@ mod test {
     fn one_of_http_or_https() {
         match Config::from_str(
             r#"
-            http_listen = off;
-            https_listen = off;
+            http_listen = none;
+            https_listen = none;
             account "x" {
                 auth_uri = "http://a.com";
                 client_id = "b";
@@ -867,7 +867,7 @@ mod test {
             }
         "#,
         ) {
-            Err(e) if e.contains("Cannot turn both http_listen or https_listen off") => (),
+            Err(e) if e.contains("Cannot set both http_listen and https_listen to 'none'") => (),
             Err(e) => panic!("{e:?}"),
             _ => panic!(),
         }
@@ -910,7 +910,7 @@ mod test {
     fn correct_listen_for_account() {
         match Config::from_str(
             r#"
-            http_listen = off;
+            http_listen = none;
             account "x" {
                 auth_uri = "http://a.com";
                 client_id = "b";
@@ -920,7 +920,7 @@ mod test {
         ) {
             Err(e)
                 if e.contains(
-                    "Account x has an 'http' redirect but the HTTP server is turned off",
+                    "Account x has an 'http' redirect but the HTTP server is set to 'none'",
                 ) =>
             {
                 ()
@@ -930,7 +930,7 @@ mod test {
         }
         match Config::from_str(
             r#"
-            https_listen = off;
+            https_listen = none;
             account "x" {
                 auth_uri = "http://a.com";
                 client_id = "b";
@@ -941,7 +941,7 @@ mod test {
         ) {
             Err(e)
                 if e.contains(
-                    "Account x has an 'https' redirect but the HTTPS server is turned off",
+                    "Account x has an 'https' redirect but the HTTPS server is set to 'none'",
                 ) =>
             {
                 ()
diff --git a/src/config.y b/src/config.y
index a5e4e73..f09238a 100644
--- a/src/config.y
+++ b/src/config.y
@@ -16,9 +16,9 @@ TopLevel -> Result<TopLevel, ()>:
   | "AUTH_NOTIFY_CMD" "=" "STRING" ";" { Ok(TopLevel::AuthNotifyCmd(map_err($3)?)) }
   | "AUTH_NOTIFY_INTERVAL" "=" "TIME" ";" { Ok(TopLevel::AuthNotifyInterval(map_err($3)?)) }
   | "ERROR_NOTIFY_CMD" "=" "STRING" ";" { Ok(TopLevel::ErrorNotifyCmd(map_err($3)?)) }
-  | "HTTP_LISTEN" "=" "OFF" ";" { Ok(TopLevel::HttpListenOff(map_err($3)?)) }
+  | "HTTP_LISTEN" "=" "NONE" ";" { Ok(TopLevel::HttpListenNone(map_err($3)?)) }
   | "HTTP_LISTEN" "=" "STRING" ";" { Ok(TopLevel::HttpListen(map_err($3)?)) }
-  | "HTTPS_LISTEN" "=" "OFF" ";" { Ok(TopLevel::HttpsListenOff(map_err($3)?)) }
+  | "HTTPS_LISTEN" "=" "NONE" ";" { Ok(TopLevel::HttpsListenNone(map_err($3)?)) }
   | "HTTPS_LISTEN" "=" "STRING" ";" { Ok(TopLevel::HttpsListen(map_err($3)?)) }
   | "TRANSIENT_ERROR_IF_CMD" "=" "STRING" ";" { Ok(TopLevel::TransientErrorIfCmd(map_err($3)?)) }
   | "REFRESH_AT_LEAST" "=" "TIME" ";" { Ok(TopLevel::RefreshAtLeast(map_err($3)?)) }
diff --git a/src/config_ast.rs b/src/config_ast.rs
index fadf501..ce427eb 100644
--- a/src/config_ast.rs
+++ b/src/config_ast.rs
@@ -7,9 +7,9 @@ pub enum TopLevel {
     AuthNotifyInterval(Span),
     ErrorNotifyCmd(Span),
     HttpListen(Span),
-    HttpListenOff(Span),
+    HttpListenNone(Span),
     HttpsListen(Span),
-    HttpsListenOff(Span),
+    HttpsListenNone(Span),
     TransientErrorIfCmd(Span),
     RefreshAtLeast(Span),
     RefreshBeforeExpiry(Span),