diff --git a/roles/add_cert_http_01/tasks/main.yml b/roles/add_cert_http_01/tasks/main.yml
index cd39756..dee5e8d 100644
--- a/roles/add_cert_http_01/tasks/main.yml
+++ b/roles/add_cert_http_01/tasks/main.yml
@@ -54,3 +54,31 @@
 dest: /etc/nftables/input.d/http-certbot.conf
 mode: 0640
 notify: Reload nftables service
+
+- name: Set letsencrypt http-01 challenge argv
+ ansible.builtin.set_fact:
+ letsencrypt_http_01_challenge_argv:
+ - /usr/bin/certbot
+ - certonly
+ - -n
+ - --webroot
+ - --webroot-path
+ - /var/www/acme
+ - -d
+ - "{{ letsencrypt_domain }}"
+ - -m
+ - "{{ letsencrypt_email }}"
+ - --agree-tos
+ - --post-hook
+ - "{{ letsencrypt_post_hook }}"
+
+- name: Set letsencrypt http-01 challenge argv (staging)
+ when: ansible_hostname.endswith('-test')
+ ansible.builtin.set_fact:
+ letsencrypt_http_01_challenge_argv: "{{ letsencrypt_http_01_challenge_argv + ['--test-cert'] }}"
+
+- name: Perform http-01 challenge
+ become: true
+ ansible.builtin.command:
+ argv: "{{ letsencrypt_http_01_challenge_argv }}"
+ creates: "/etc/letsencrypt/live/{{ letsencrypt_domain }}"
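Review bot: `letsencrypt_domain`, `letsencrypt_email` and in particular `letsencrypt_post_hook` reach `/usr/bin/certbot` as root in the `Perform http-01 challenge` task with no validation in the new tasks; building the call with `argv` correctly avoids shell quoting inside this play, but certbot (as far as I recall) persists `--post-hook` into its per-domain renewal configuration and runs it through a shell on every unattended renewal, so an unexpected value in that variable becomes a persistent privileged command rather than a one-off. An `ansible.builtin.assert` task placed just before `Perform http-01 challenge` would fail fast on malformed input, and keeping the hook string in the role's defaults makes its origin reviewable. A smaller point: `creates: "/etc/letsencrypt/live/{{ letsencrypt_domain }}"` short-circuits the task for good once the directory exists, so a `-test` host that once received a `--test-cert` staging certificate keeps it until someone removes the directory by hand; a comment on the `creates:` line such as `# one-shot issuance: renewal and the staging→production switch are not handled here` would make that explicit.
```yaml
- name: Validate letsencrypt inputs before calling certbot
  ansible.builtin.assert:
    that:
      - letsencrypt_domain is match('^[A-Za-z0-9.-]+$')
      - letsencrypt_email is match('^[^@ ]+@[^@ ]+$')
      - letsencrypt_post_hook is string and letsencrypt_post_hook | length > 0
    fail_msg: "letsencrypt_domain, letsencrypt_email and letsencrypt_post_hook must be set and well-formed"

# … unchanged: Perform http-01 challenge task …
```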