diff --git a/library/roles/apache/tasks/apache-letsencrypt.yml b/library/roles/apache/tasks/apache-letsencrypt.yml
index 7384172d..4b1d6621 100644
--- a/library/roles/apache/tasks/apache-letsencrypt.yml
+++ b/library/roles/apache/tasks/apache-letsencrypt.yml
@@ -3,16 +3,19 @@
     - name: Enable the proxy modules needed by letsencrypt
       apache2_module: name={{ item }} state=present
       with_items: '{{ apache_letsencrypt_proxy_modules }}'
+      ignore_errors: True
       notify: apache2 reload 
 
     - name: Install the apache letsencrypt directives on trusty
       template: src={{ item }}.j2 dest=/etc/apache2/conf-available/{{ item }} owner=root group=root mode=0644
       with_items: '{{ apache_letsencrypt_proxy_conf }}'
+      ignore_errors: True
       notify: apache2 reload 
 
     - name: Enable the apache letsencrypt directives on trusty
       file: src=/etc/apache2/conf-available/{{ item }} dest=/etc/apache2/conf-enabled/{{ item }} state=link
       with_items: '{{ apache_letsencrypt_proxy_conf }}'
+      ignore_errors: True
       notify: apache2 reload 
 
     - name: Create the acme hooks directory if it does not yet exist
@@ -29,6 +32,7 @@
 - block:
     - name: Disable the letsencrypt conf
       file: dest=/etc/apache2/conf-enabled/letsencrypt-proxy.conf state=absent
+      ignore_errors: True
       notify: apache2 reload 
 
     - name: Remove the letsencrypt hook for apache
diff --git a/library/roles/vsftpd/defaults/main.yml b/library/roles/vsftpd/defaults/main.yml
index 82f6ec78..61b09f1d 100644
--- a/library/roles/vsftpd/defaults/main.yml
+++ b/library/roles/vsftpd/defaults/main.yml
@@ -22,3 +22,10 @@ vsftpd_manage_user_acls: True
 vsftpd_manage_real_users: False
 vsftpd_manage_valid_shells: False
 
+vsftpd_tls_enabled: True
+vsftpd_force_tls: True
+vsftpd_tls_letsencrypt: True
+vsftpd_ssl_ca_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'
+vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/cert'
+vsftpd_ssl_certificate_key: '{{ letsencrypt_acme_certs_dir }}/privkey'
+
diff --git a/library/roles/vsftpd/templates/vsftpd.conf.j2 b/library/roles/vsftpd/templates/vsftpd.conf.j2
index 75a10de1..a2eeeead 100644
--- a/library/roles/vsftpd/templates/vsftpd.conf.j2
+++ b/library/roles/vsftpd/templates/vsftpd.conf.j2
@@ -117,10 +117,30 @@ secure_chroot_dir=/var/run/vsftpd/empty
 # This string is the name of the PAM service vsftpd will use.
 pam_service_name=vsftpd
 #
+{% if vsftpd_tls_enabled %}
+# SSL/TLS
+ssl_enable=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+{% if ansible_distribution_version is version_compare('18.04', '>=') %}
+ssl_tlsv1=NO
+ssl_tlsv1_1=NO
+ssl_tlsv1_2=YES
+{% else %}
+ssl_tlsv1=YES
+{% endif %}
+ca_certs_file={{ vsftpd_ssl_ca_certificate }}
+rsa_cert_file={{ vsftpd_ssl_certificate }}
+rsa_private_key_file={{ vsftpd_ssl_certificate_key }}
+{% if vsftpd_force_tls %}
+force_local_logins_ssl=YES
+force_local_data_ssl=YES
+{% endif %}
+{% else %}
 # This option specifies the location of the RSA certificate to use for SSL
 # encrypted connections.
 rsa_cert_file=/etc/ssl/private/vsftpd.pem
-
+{% endif %}
 
 local_root={{ vsftpd_local_root }}
 pasv_min_port={{ vsftpd_pasv_min_port }}