diff --git a/group_vars/adm.yml b/group_vars/adm.yml
index 8aa8755..1c7de95 100644
--- a/group_vars/adm.yml
+++ b/group_vars/adm.yml
@@ -5,3 +5,4 @@ datadisks:
 
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
diff --git a/playbooks/adm.yml b/playbooks/adm.yml
index 1fe46b3..a338de1 100644
--- a/playbooks/adm.yml
+++ b/playbooks/adm.yml
@@ -23,3 +23,4 @@
   roles:
     - base
     - ansible-host
+    - certbot
diff --git a/user.list b/user.list
index 1d03aac..5df9e95 100644
--- a/user.list
+++ b/user.list
@@ -7,3 +7,4 @@ entry empty. If only a group is created, leave the user entry empty.
 id    user               group             notes
 -------------------------------------------------------------------------------
 1001  mirror             mirror            
+1002  certbot            certbot