diff --git a/README.md b/README.md
index 6425161..cae965b 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,7 @@ apache_access_log: {{ apache_base_dir}}/logs/access_log
 apache_php_socket: {{ apache_base_dir }}/php-fpm.sock
 apache_use_php: true
 apache_use_ssl: true
+apache_use_certbot: true
 apache_stats: true
 apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem
 apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem
diff --git a/defaults/main.yml b/defaults/main.yml
index 2417bbb..e041c99 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@ apache_access_log: "{{ apache_base_dir}}/logs/access_log"
 apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock"
 apache_use_php: true
 apache_use_ssl: true
+apache_use_certbot: true
 apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
 apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem"
 apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem "
diff --git a/tasks/certbot.yml b/tasks/certbot.yml
new file mode 100644
index 0000000..ffc5718
--- /dev/null
+++ b/tasks/certbot.yml
@@ -0,0 +1,34 @@
+---
+- name: install certbot
+  yum:
+    name: certbot
+    state: present
+
+- name: install apache config file without ssl
+  vars:
+    apache_use_ssl: false
+  template:
+    src: vhost.conf.jj
+    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    mode: 0644
+  notify: restart apache
+
+- name: if needed, we restart apache
+  meta: flush_handlers
+
+- name: generate certificates
+  vars:
+    subdomains: "{{ apache_server_alias | join( ' -d ' ) }}"
+  command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ subdomains }}
+  args:
+    creates: "{{ apache_ssl_chain }}"
+
+- name: create cronjob for renewal
+  cron:
+    name: certbot
+    cron_file: certbot
+    user: root
+    hour: "01"
+    minute: "00"
+    weekday: "6"
+    job: "/usr/bin/certbot renew && /sbin/apachectl graceful"
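Review bot: `apache_use_certbot: true` in defaults/main.yml makes the role request a certificate from the ACME CA on every host by default, which changes behavior for existing users who supply their own certificate under the `apache_ssl_*` paths and adds an outbound network dependency to every run; this reads better as an opt-in, `apache_use_certbot: false`, with the README example showing `true`. While here, the context line `apache_ssl_key: ".../privkey.pem "` carries a trailing space inside the quotes, so the key path handed to httpd never matches the file certbot writes; it is pre-existing, but worth stripping in the same change now that this role produces that file.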
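Review bot: The `-d` list in `generate certificates` is built from `apache_server_alias` only, so `apache_server_name` is never requested, yet `creates: "{{ apache_ssl_chain }}"` and the vhost's `apache_ssl_*` paths expect a lineage named after `apache_server_name` (certbot names the `live/` directory after the first `-d` value); with the current ordering the `creates` guard never matches, the task re-runs on every play and may run into the CA's issuance rate limits. Building the list as `subdomains: "{{ ([apache_server_name] + apache_server_alias) | join(' -d ') }}"` puts the server name first and also avoids a dangling `-d` when the alias list is empty (assuming `apache_server_alias` is a list, which the existing `join` already requires). The command also runs interactively: without `--non-interactive --agree-tos` and an account email (a new role variable such as `apache_certbot_email`, or `--register-unsafely-without-email`) certbot prompts and the task fails under Ansible. For the renewal cron, `certbot renew --deploy-hook "/sbin/apachectl graceful"` reloads httpd only when a certificate was actually replaced, and certbot's own guidance is to run `renew` more often than once a week so a transient failure on Saturday does not consume a large part of the renewal window.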
diff --git a/tasks/main.yml b/tasks/main.yml
index c78a8d6..22f46ce 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
 # tasks file for apache_vhost
+
 - name: create dedicated user
   user:
     name: "{{ apache_user }}"
@@ -9,13 +10,6 @@
     home: "{{ apache_base_dir }}"
     shell: /bin/bash
 
-- name: vhost config file
-  template:
-    src: vhost.conf.jj
-    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
-    mode: 0644
-  notify: restart apache
-
 - name: php-fpm config file
   template:
     src: pool.conf.jj
@@ -37,10 +31,21 @@
     - "{{ apache_base_dir }}/session"
     - "{{ apache_base_dir }}/wsdlcache"
 
+- name: generate cert
+  include_tasks: certbot.yml
+  when: apache_use_certbot
+
+- name: vhost config file
+  template:
+    src: vhost.conf.jj
+    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    mode: 0644
+  notify: restart apache
+
 - name: logrotate config file
   template:
     src: logrotate.conf.jj
-    dest: "/etc/logrotate.d/{{ apache_server_name }}.conf"
+    dest: "/etc/logrotate.d/vhost.conf"
     mode: 0644
 
 - name: goaccess
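Review bot: `dest: "/etc/logrotate.d/vhost.conf"` drops `apache_server_name` from the logrotate file name, so if this role is applied more than once on a host (every other artifact here, such as `/etc/httpd/conf.d/{{ apache_server_name }}.conf`, is keyed per vhost) each run overwrites the same file and only the last vhost's logs get rotated; unless a single shared config is intentional, keep `dest: "/etc/logrotate.d/{{ apache_server_name }}.conf"`. Moving `vhost config file` after the certbot include is sound for the bootstrap (certbot.yml first renders the vhost with `apache_use_ssl: false`), but when `apache_use_certbot` is false and `apache_use_ssl` is true the SSL vhost is written against cert paths nothing in this role has checked exist; a `stat` on `apache_ssl_certificate` with an explicit failure before the template would surface that misconfiguration instead of an httpd restart failure. `mode: 0644` is unquoted in the new vhost task and in certbot.yml; Ansible's file modules document quoting it (`mode: "0644"`) so a later edit that loses the leading zero cannot silently become a decimal mode.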