diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 464456e..dfca727 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -13,3 +13,9 @@ owner: root group: root mode: 0644 + +- name: Deploy letsencrypt certificate + ansible.builtin.include_role: + name: deploy_certificate + vars: + domain: mail.{{ mail_domain }} diff --git a/roles/mail/templates/main.cf.j2 b/roles/mail/templates/main.cf.j2 index 93b9b31..a9fd17a 100644 --- a/roles/mail/templates/main.cf.j2 +++ b/roles/mail/templates/main.cf.j2 @@ -11,8 +11,8 @@ readme_directory = no compatibility_level = 2 # TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_tls_cert_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/fullchain.pem +smtpd_tls_key_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/privkey.pem smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs
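Review bot: The certificate name is assembled inline in the new `vars:` entry as `mail.{{ mail_domain }}`, and the same expression is repeated twice in `main.cf.j2`, so the role argument and the Postfix paths can drift apart on a later edit. Defining the host name once (for example a role variable, here called `mail_fqdn` as a placeholder) and using it in all three places would keep them in step. Quoting the value, `domain: "mail.{{ mail_domain }}"`, also protects against an empty or odd-looking expansion. The hunk does not show whether `deploy_certificate` reloads Postfix after a renewal; if it does not, a renewed certificate may not be picked up promptly, so that is worth confirming or adding as a deploy hook.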
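Review bot: Nothing visible in this commit verifies that the files named by the two new `smtpd_tls_cert_file` / `smtpd_tls_key_file` lines exist before Postfix is restarted with them. They assume the lineage directory under `/etc/letsencrypt/live/` is named exactly `mail.<mail_domain>`, which depends on how `deploy_certificate` names the certificate. As far as I know, Postfix logs a warning and disables server-side TLS when the certificate cannot be loaded. With `smtpd_tls_security_level=may` on the context line below, peers would then deliver in cleartext without any visible failure. Consider a task after the role include that runs `ansible.builtin.stat` on `fullchain.pem` and fails the play when it is missing, plus a monitoring check that STARTTLS is still offered.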