diff --git a/ansible/inventories/automotive.yaml b/ansible/inventories/automotive.yaml
index 9d0b4e5..d9f0b93 100644
--- a/ansible/inventories/automotive.yaml
+++ b/ansible/inventories/automotive.yaml
@@ -4,4 +4,5 @@ automotive:
 web:
 hosts:
 automotive.sse.cloud.isti.cnr.it:
+ ansible_host: 146.48.29.251
 #automotive2.sse.cloud.isti.cnr.it:
\ No newline at end of file
diff --git a/ansible/inventories/group_vars/automotive/automotive.yaml b/ansible/inventories/group_vars/automotive/automotive.yaml
index ee349a1..329f01c 100644
--- a/ansible/inventories/group_vars/automotive/automotive.yaml
+++ b/ansible/inventories/group_vars/automotive/automotive.yaml
@@ -1,6 +1,10 @@
 ---
+#Common Docker
 docker_network_name: wp_net
+docker_base_volume_path: /usr/data/wp
+
+# MYSQL Docker
 mysql_docker_tag: 9.7.0
 docker_mysql_hostname: web_db
@@ -10,13 +14,26 @@ db_password: "{{ automotive_mysql_user_password }}"
 db_root_password: "{{ automotive_mysql_root_password }}"
+#NGINX Docker
 nginx_docker_tag: 1.31.1
 nginx_server_name: automotive.sse.cloud.isti.cnr.it
 ssl: true
+#WORDPRESS Docker
 wordpress_docker_tag: 7.0.0-php8.2-apache
-
-docker_base_volume_path: /usr/data/wp
 docker_wordpress_hostname: automotive_test
-certbot_docker_tag: v5.6.0
+#CERTBOT for letsencrypt
+certbot_create_method: webroot
+certbot_create_if_missing: true
+certbot_admin_email: fabio.sinibaldi@isti.cnr.it
+
+certbot_webroot: "{{ docker_base_volume_path }}/wordpress"
+certbot_certs:
+ - name: "automotive"
+ domains:
+ - "{{ nginx_server_name }}"
+
+#Certbot verbose level
+certbot_create_extra_args: "-v"
+certbot_testmode: false
\ No newline at end of file
diff --git a/ansible/playbooks/templates/nginx.j2 b/ansible/playbooks/templates/nginx.j2
index a5d6645..fce58f5 100644
--- a/ansible/playbooks/templates/nginx.j2
+++ b/ansible/playbooks/templates/nginx.j2
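Review bot: The new section comments are written without a space after the hash — `#Common Docker` in this hunk, and `#NGINX Docker`, `#WORDPRESS Docker`, `#CERTBOT for letsencrypt`, `#Certbot verbose level` in the next hunk of the same file — while `# MYSQL Docker` in this hunk uses one; yamllint's `comments` rule flags the former. Settle on one form, e.g. `# Common Docker`, so the group_vars file lints cleanly.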
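Review bot: These certbot variables cover first issuance only (`certbot_create_if_missing: true`), and nothing here says how a renewed certificate reaches the nginx volume; the playbook copies `fullchain.pem`/`privkey.pem` out of `/etc/letsencrypt/live` only when it runs, so if the role's cron renewal is left at its default the copies under `{{ docker_base_volume_path }}/nginx/ssl` go stale roughly 90 days after issuance unless the playbook is re-run before then. Consider giving certbot a `--deploy-hook` through the role's `certbot_auto_renew_options` that re-copies the files and restarts the nginx container, and record that expectation in a comment above `certbot_create_if_missing`. `certbot_webroot` points into the WordPress docroot, which only works while something is answering plain HTTP for `{{ nginx_server_name }}` on port 80 at the moment certbot runs — worth stating in a comment next to it so the playbook ordering is not changed by accident. `certbot_admin_email` is a personal mailbox; a team address survives staff changes and is where expiry notices land.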
@@ -3,9 +3,22 @@ server {
 listen [::]:80;
 server_name {{ nginx_server_name }};
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name {{ nginx_server_name }};
+
 root /var/www/html;
 index index.php;
+ ssl_certificate /etc/nginx/ssl/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
+ {# ssl_trusted_certificate /etc/nginx/ssl/intermediatecertificate.pem; #}
+
 location / {
 proxy_pass http://{{ docker_wordpress_hostname }}:80;
 proxy_set_header Host $host;
@@ -13,4 +26,4 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 }
-}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/ansible/playbooks/templates/nginx.j2_http b/ansible/playbooks/templates/nginx.j2_http
new file mode 100644
index 0000000..a5d6645
--- /dev/null
+++ b/ansible/playbooks/templates/nginx.j2_http
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ nginx_server_name }};
+
+ root /var/www/html;
+ index index.php;
+
+ location / {
+ proxy_pass http://{{ docker_wordpress_hostname }}:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
\ No newline at end of file
diff --git a/ansible/playbooks/wordpress.yaml b/ansible/playbooks/wordpress.yaml
index dffff08..bddf1b4 100644
--- a/ansible/playbooks/wordpress.yaml
+++ b/ansible/playbooks/wordpress.yaml
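Review bot: The new HTTPS server block has only `listen 443 ssl;`, while the port-80 block it redirects from also carries `listen [::]:80;` (context line at the top of the hunk), so an IPv6 client receives the 301 and then finds nothing bound on `[::]:443` unless Docker's port publishing happens to cover IPv6 for you; add `listen [::]:443 ssl;` beside it. The redirect builds its target from `$host`, i.e. whatever Host header the client sent, and if this is the only server on port 80 it is also the default one for arbitrary hosts; since the template already knows the canonical name, `return 301 https://{{ nginx_server_name }}$request_uri;` keeps the redirect target under your control. With TLS now terminated here, `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 block is the usual companion once the redirect is confirmed working. The server block that the second half of the hunk belongs to closes outside the hunk.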
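Review bot: This new file is a byte-for-byte copy of the previous nginx.j2 — its blob `a5d6645` is the same object the nginx.j2 header lists as that file's old side — kept under a `.j2_http` extension that no hunk in this diff references. A checked-in copy of the superseded template drifts from the live one and can be deployed by mistake, and git history already holds the pre-TLS version; either drop the file or put a one-line comment at its top, e.g. `# Plain-HTTP variant of nginx.j2; not used by wordpress.yaml`, stating when it is meant to be used.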
@@ -10,5 +10,53 @@
 - chrissayon.wordpress_docker.network
 - chrissayon.wordpress_docker.mysql
 - chrissayon.wordpress_docker.wordpress
- - docker-certbot
- - chrissayon.wordpress_docker.nginx
+
+
+ tasks:
+ # Need to stop using port 80 for certbot webroot validation
+ - name: Gathering NGINX container state
+ docker_container_info:
+ name: nginx
+ register: nginx_info
+
+ - name: Stop NGINX if present
+ docker_container:
+ name: nginx
+ state: stopped
+ when:
+ - nginx_info.exists
+
+ # Manage certbot
+
+ - name: Install / configure certbot
+ include_role:
+ name: geerlingguy.certbot
+
+ # Copy certificates
+ # configured volume for ssl is
+ # "/usr/data/wp/nginx/ssl:/etc/nginx/ssl/:ro"
+
+ - name: Copy fullchain files to nginx volume
+ ansible.builtin.copy:
+ src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
+ #TODO nginx configuration is not multi domain
+ dest: "{{ docker_base_volume_path }}/nginx/ssl/fullchain.pem"
+ remote_src: true
+ mode: '0644'
+ loop: "{{ certbot_certs }}"
+
+ - name: Copy privkey files to nginx volume
+ ansible.builtin.copy:
+ src: "/etc/letsencrypt/live/{{ item.name }}/privkey.pem"
+ #TODO nginx configuration is not multi domain
+ dest: "{{ docker_base_volume_path }}/nginx/ssl/privatekey.pem"
+ remote_src: true
+ mode: '0644'
+ loop: "{{ certbot_certs }}"
+
+
+ # Restart NGINX
+
+ - name: (Re)start NGINX
+ include_role:
+ name: chrissayon.wordpress_docker.nginx
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index c939441..aa05126 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -11,6 +11,8 @@ roles:
 # Required by wordpress_docker
 - name: geerlingguy.docker
+ - name: geerlingguy.certbot
+
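Review bot: The `Copy privkey files to nginx volume` task writes the Let's Encrypt private key to `{{ docker_base_volume_path }}/nginx/ssl/privatekey.pem` with `mode: '0644'`, readable by every local account on the host; use `mode: '0600'` on that task (the `0644` on `fullchain.pem` is fine, it is public material), which should still load through the `:ro` bind mount the comment describes because the official nginx image reads certificates as root before dropping privileges — confirm against the image actually deployed. The comment `# Need to stop using port 80 for certbot webroot validation` describes the standalone authenticator, but the group vars set `certbot_create_method: webroot`, which drops a token under `certbot_webroot` and expects an HTTP server to be answering on port 80 for the domain while certbot runs, so stopping nginx first is likely to make the HTTP-01 check fail unless another container publishes port 80 on the host; either keep nginx up for webroot or switch the method and let the role handle the stop. `docker_container_info` and `docker_container` are used by short name while the copy tasks use `ansible.builtin.copy`; the collection-qualified `community.docker.docker_container_info` / `community.docker.docker_container` keeps the play consistent and does not depend on redirect resolution. The play header holding `hosts:` and `roles:` sits above the hunk.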