diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml
index 0cd1fe22..6a16555e 100644
--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@@ -22,3 +22,6 @@ nginx_proxy_connect_timeout: 30s
 nginx_proxy_read_timeout: 480s
 nginx_proxy_send_timeout: 120s
 
+nginx_letsencrypt_managed: True
+nginx_letsencrypt_proxy_conf: letsencrypt-proxy.conf
+
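Review bot: `nginx_letsencrypt_managed: True` relies on YAML 1.1 truthy parsing; the canonical spelling is `nginx_letsencrypt_managed: true`. `nginx_letsencrypt_proxy_conf` is a single string here but is consumed through `with_items` in nginx-letsencrypt.yml, so declaring it as a one-element list, or dropping the loop, would make the intent clearer. A short comment above the two variables, such as `# Manage the ACME challenge proxy and reload hook whenever letsencrypt_acme_install is set`, would tell role users that the feature is on by default.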
diff --git a/nginx/files/nginx-letsencrypt-acme.sh b/nginx/files/nginx-letsencrypt-acme.sh
new file mode 100644
index 00000000..074dbc27
--- /dev/null
+++ b/nginx/files/nginx-letsencrypt-acme.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
+LE_CERTS_DIR=/var/lib/acme/live/$HOSTNAME
+LE_LOG_DIR=/var/log/letsencrypt
+DATE=$( date )
+
+[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
+echo "$DATE" >> $LE_LOG_DIR/nginx.log
+
+if [ -f /etc/default/letsencrypt ] ; then
+    . /etc/default/letsencrypt
+else
+    echo "No letsencrypt default file" >> $LE_LOG_DIR/nginx.log
+fi
+
+echo "Reload the nginx service" >> $LE_LOG_DIR/nginx.log
+if [ -x /bin/systemctl ] ; then
+    systemctl reload nginx >> $LE_LOG_DIR/nginx.log 2>&1
+else
+    service nginx reload >> $LE_LOG_DIR/nginx.log 2>&1
+fi
+
+echo "Done." >> $LE_LOG_DIR/nginx.log
+
+exit 0
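Review bot: The hook ends with an unconditional `exit 0`, so a failed `systemctl reload nginx` or `service nginx reload` is only written to the log and never reported to the caller. nginx can then keep serving the old certificate after a renewal. Whether the ACME runner acts on the hook's exit status is not visible here, but returning it costs nothing: `systemctl reload nginx >> "$LE_LOG_DIR/nginx.log" 2>&1 || rc=$?` and `exit "${rc:-0}"`. The log directory is created with a plain `mkdir` under the caller's umask and every `$LE_LOG_DIR` expansion is unquoted; `mkdir -p -m 0750 "$LE_LOG_DIR"` fixes both. `LE_SERVICES_SCRIPT_DIR` and `LE_CERTS_DIR` are assigned but never used in the script.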
diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml
index 69e2426f..f8cfbaee 100644
--- a/nginx/tasks/main.yml
+++ b/nginx/tasks/main.yml
@@ -1,3 +1,5 @@
 ---
 - include: nginx.yml
+- include: nginx-letsencrypt.yml
+  when: letsencrypt_acme_install is defined and letsencrypt_acme_install
 - include: pam-ldap.yml
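Review bot: Gating the include on `letsencrypt_acme_install` makes the cleanup block in nginx-letsencrypt.yml (`when: not nginx_letsencrypt_managed`) unreachable once letsencrypt is switched off for the host. The proxy conf and the hook would then stay in place, pointing at a backend that is no longer managed. The first block in that file already repeats the same condition, so the `when` here could be dropped, provided `letsencrypt_acme_services_scripts_dir` is defined in that case (not visible in this diff). If the gate is intentional, a comment such as `# cleanup only runs while letsencrypt_acme_install is true` would document it.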
diff --git a/nginx/tasks/nginx-letsencrypt.yml b/nginx/tasks/nginx-letsencrypt.yml
new file mode 100644
index 00000000..c9b0b6da
--- /dev/null
+++ b/nginx/tasks/nginx-letsencrypt.yml
@@ -0,0 +1,29 @@
+---
+- block:
+    - name: Install the letsencrypt conf
+      template: src={{ item }}.j2 dest=/etc/nginx/conf.d/{{ item }} owner=root group=root mode=0644
+      with_items: '{{ nginx_letsencrypt_proxy_conf }}'
+      notify: Reload nginx
+
+    - name: Create the acme hooks directory if it does not yet exist
+      file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+
+    - name: Install a letsencrypt hook for nginx
+      copy: src=nginx-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/nginx owner=root group=root mode=4555
+
+  when:
+    - letsencrypt_acme_install is defined and letsencrypt_acme_install
+    - nginx_letsencrypt_managed
+  tags: [ 'nginx', 'letsencrypt' ]
+
+- block:
+    - name: Disable the letsencrypt conf
+      file: dest=/etc/nginx/conf.d/letsencrypt-proxy.conf state=absent
+      notify: nginx2 reload 
+
+    - name: Remove the letsencrypt hook for nginx
+      file: path={{ letsencrypt_acme_services_scripts_dir }}/nginx state=absent
+
+  when: not nginx_letsencrypt_managed
+  tags: [ 'nginx', 'letsencrypt' ]
+
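Review bot: The hook is installed with `mode=4555` in "Install a letsencrypt hook for nginx", which sets the setuid bit on a root-owned shell script. The hook only needs to be executable, so `mode=0555` (or `0755`) is enough and keeps an unnecessary setuid file off the host. The disable block notifies `nginx2 reload` (with a trailing space) while the install block notifies `Reload nginx`; the handlers are not visible in this diff, but unless both exist this looks like a typo for `notify: Reload nginx`. The disable task also hard-codes `/etc/nginx/conf.d/letsencrypt-proxy.conf` instead of using `nginx_letsencrypt_proxy_conf`, so an overridden file name would not be removed. The hooks directory is created without an explicit `mode`.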
diff --git a/nginx/templates/letsencrypt-proxy.conf.j2 b/nginx/templates/letsencrypt-proxy.conf.j2
new file mode 100644
index 00000000..1e43c274
--- /dev/null
+++ b/nginx/templates/letsencrypt-proxy.conf.j2
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge {
+    proxy_pass http://127.0.0.1:{{ letsencrypt_acme_standalone_port}}/.well-known/acme-challenge ;
+}
+
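Review bot: The template is a bare `location` block, which nginx accepts only inside a `server` block, yet the task in nginx-letsencrypt.yml installs it into `/etc/nginx/conf.d/`. If that directory is included at `http` level (the stock layout; the role's nginx.conf is not visible here), `nginx -t` would reject the configuration, so installing it as a snippet that the virtual hosts include would be safer. The prefix `location /.well-known/acme-challenge` also matches longer names such as `/.well-known/acme-challengeX` and can be overridden by regex locations. Using `location ^~ /.well-known/acme-challenge/ {` with `proxy_pass http://127.0.0.1:{{ letsencrypt_acme_standalone_port }}/.well-known/acme-challenge/;` keeps the forwarded path bounded.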