diff --git a/main.yml b/main.yml
index d537e6c..b949c08 100644
--- a/main.yml
+++ b/main.yml
@@ -1,177 +1,178 @@ --- - name: Create Instances hosts: 127.0.0.1 tags: always connection: local gather_facts: false vars_files: - "vars/main.yml" tasks: - include: tasks/create-security-groups.yml tags: [ 'init' ] - include: tasks/create-instances.yml tags: [ 'always' ] - include: tasks/create-volumes.yml tags: [ 'init' ] - name: Configure Jump Server hosts: lbs tags: conf-lbs vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: ganglia-gmond - role: nrpe tags: [ 'common', 'conf-monit' ] + - role: letsencrypt - role: haproxy - role: jump handlers: - include: handlers/main.yml #- name: Configure keepalived for jump # hosts: c4science-jump00 # roles: # - role: keepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: "master" #- name: Configure keepalived for jump2 # hosts: c4science-jump01 # roles: # - role: keepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: "slave" - name: Configure Monitoring Server hosts: monit tags: conf-monit vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: nrpe tags: [ 'common', 'conf-monit' ] - role: logcheck - role: apache - role: nagios - role: ganglia-gmond - role: ganglia-gmetad tasks: - include: roles/galera/tasks/install.yml yum_repo: roles/galera/files/yum.repo - service: name=mysql enabled=false state=stopped handlers: - include: handlers/main.yml - name: Configure Databases hosts: dbs tags: conf-dbs vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: nrpe tags: [ 'common', 'conf-monit' ] - 
role: ganglia-gmond - role: galera handlers: - include: handlers/main.yml - name: Configure App hosts: app tags: conf-app vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: nrpe tags: [ 'common', 'conf-monit' ] - role: ganglia-gmond - { role: nginx, nginx_config: nginx-phabricator.conf } - role: glusterfs - role: phabricator handlers: - include: handlers/main.yml - name: Configure Jenkins hosts: ci #tags: conf-ci vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: nrpe tags: [ 'common', 'conf-monit' ] - role: ganglia-gmond - role: ci tags: [ 'jenkins' ] - role: jenkins plugins: - 'ldap' - 'preSCMbuildstep' - 'git' - 'build-token-root' - 'phabricator-plugin' - 'docker-plugin' - 'template-project' - 'build-monitor-plugin' prefix: '/build' email: smtp_host: 'mail.epfl.ch' smtp_ssl: 'true' default_email_suffix: '@epfl.ch' - name: Configure Backup server hosts: backup tags: conf-backup vars_files: - "vars/main.yml" vars: nagios_nrpe_server_allowed_hosts: "86.119.30.4,127.0.0.1" user: centos sudo: yes roles: - role: common tags: [ 'common' ] - role: swap/roles/swap tags: [ 'common' ] - role: nrpe tags: [ 'common', 'conf-monit' ] - role: backup diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml new file mode 100644 index 0000000..cb48a17 --- /dev/null +++ b/roles/letsencrypt/tasks/main.yml 
@@ -0,0 +1,18 @@
+---
+
+- name: Clone letsencrypt
+ git:
+ repo: https://github.com/letsencrypt/letsencrypt
+ dest: "/opt/letsencrypt"
+ version: master
+
+- name: Renew script
+ template: src=renew-letsencrypt.sh dest=/root/renew-letsencrypt.sh mode=0700
+
+- name: Renew cert every 2 monthes
+ cron:
+ name: Renew SSL certificate
+ minute: 0
+ hour: 5
+ job: "/root/renew-letsencrypt.sh"
+
diff --git a/roles/letsencrypt/templates/renew-letsencrypt.sh b/roles/letsencrypt/templates/renew-letsencrypt.sh
new file mode 100644
index 0000000..d445a2f
--- /dev/null
+++ b/roles/letsencrypt/templates/renew-letsencrypt.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+service haproxy stop
+cd /opt/letsencrypt
+./letsencrypt-auto certonly --standalone --email jean-baptiste.aubort@epfl.ch -d {{ domain }}
+service haproxy start
+
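Review bot: The cron task named "Renew cert every 2 monthes" sets only `minute: 0` and `hour: 5`, and the cron module defaults the unset `day`, `month` and `weekday` fields to `*`, so the job runs every day at 05:00 rather than every two months. Because the job stops haproxy on each run, that means a daily outage window on the load balancers and a certificate request per day; adding `day: "1"` and `month: "*/2"` would match the stated schedule. Separately, the `git` task checks out `version: master` of code that this cron job then executes as root, so every playbook run can pull in whatever is on the upstream branch at that moment. Pinning to a reviewed release, e.g. `version: "<RELEASE_TAG_OR_COMMIT>"`, keeps what runs as root reproducible and auditable.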
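Review bot: The script runs `./letsencrypt-auto` relative to a `cd /opt/letsencrypt` whose result is never checked, so if that directory is missing the root cron job resolves the relative path from whatever directory it started in; invoking `/opt/letsencrypt/letsencrypt-auto` by absolute path removes that dependency without leaving haproxy stopped. `{{ domain }}` is rendered unquoted into a root shell command, so `-d "{{ domain }}"` is the safer form, and the variable is not defined anywhere in this diff (presumably it comes from vars/main.yml). The job runs under cron with no terminal, so it is worth confirming that `certonly` cannot stop at an interactive prompt while haproxy is down. The exit status of the client is also discarded, so a failed renewal goes unnoticed until the certificate expires; logging the status before `service haproxy start` would make failures visible to monitoring.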