diff --git a/roles/setup_certbot/tasks/main.yml b/roles/setup_certbot/tasks/main.yml
index 590e41a..2580e1a 100644
--- a/roles/setup_certbot/tasks/main.yml
+++ b/roles/setup_certbot/tasks/main.yml
@@ -6,12 +6,16 @@
     state: present
     update_cache: true
 
-- name: Create acme directory
+- name: Create acme directories
   become: true
   ansible.builtin.file:
-    path: /var/www/acme
+    path: "{{ item }}"
     state: directory
     mode: 0755
+  with_items:
+    - /var/www/acme
+    - /var/www/acme/.well-known
+    - /var/www/acme/.well-known/acme-challenge
 
 - name: Enable modules
   become: true
diff --git a/roles/tunuifranken/tasks/letsencrypt.yml b/roles/tunuifranken/tasks/letsencrypt.yml
index 472a18f..e9cc628 100644
--- a/roles/tunuifranken/tasks/letsencrypt.yml
+++ b/roles/tunuifranken/tasks/letsencrypt.yml
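Review bot: `with_items:` under the `Create acme directories` task is the legacy loop form, while the rest of this commit is written against modern FQCN modules, so `loop:` would read more consistently: replace `with_items:` with `loop:` and keep the same three-entry list. Listing the nested paths rather than only the deepest one is still worthwhile — `state: directory` would create the intermediates anyway, but this way each level explicitly receives `mode: 0755` (created as root via `become: true`), which the web server needs to traverse to serve the challenge file later. A one-line comment above the loop stating that intent, `# each level listed so 0755 is applied explicitly; the web server only needs read/traverse`, would save the next reader from trimming the list.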
@@ -9,10 +9,64 @@
   ansible.builtin.set_fact:
     target_public_ip: "{{ lookup('community.general.dig', 'tunuifranken.info', '@1.1.1.1') }}"
 
+- name: Create needed directories
+  become: true
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  with_items:
+    - {path: '/etc/letsencrypt/live', mode: '0700'}
+    - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
+
+- name: Create privkey for letsencrypt
+  become: true
+  community.crypto.openssl_privatekey:
+    path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+  register: privkey
+
+- name: Create csr for letsencrypt
+  become: true
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+    common_name: tunuifranken.info
+  register: csr
+  changed_when: privkey is changed
+
 - name: Do http-01 challenge
-  ansible.builtin.debug:
-    msg: "http-01"
+  become: true
   when: local_public_ip.content == target_public_ip
+  block:
+    - name: Create acme challenge
+      community.crypto.acme_certificate:
+        acme_version: 2
+        acme_directory: https://acme-v02.api.letsencrypt.org/directory
+        account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+        terms_agreed: true
+        csr_content: "{{ csr.csr }}"
+        challenge: http-01
+        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+      register: letsencrypt_challenge
+    - name: Copy http-01 resource
+      ansible.builtin.copy:
+        dest: "/var/www/acme/{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource'] }}"
+        content: "{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource_value'] }}"
+        mode: 0644
+      when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
+    - name: Validate the challenge and get the cert
+      community.crypto.acme_certificate:
+        acme_version: 2
+        acme_directory: https://acme-v02.api.letsencrypt.org/directory
+        account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+        csr_content: "{{ csr.csr }}"
+        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+        data: "{{ letsencrypt_challenge }}"
+    - name: Remove the http-01 resource
+      ansible.builtin.file:
+        path: "/var/www/acme/{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource'] }}"
+        state: absent
 
 - name: Do dns-01 challenge
   ansible.builtin.debug:
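Review bot: Both `account_key_src:` lines in the `community.crypto.acme_certificate` tasks point at `/etc/letsencrypt/live/tunuifranken.info/privkey.pem`, the same key the CSR in `Create csr for letsencrypt` is derived from, so the ACME account key and the certificate key are identical; Let's Encrypt refuses to finalize an order whose CSR public key matches the account key, and sharing key material between the account identity and the served certificate is poor hygiene regardless. Generate a dedicated account key with a separate `community.crypto.openssl_privatekey` task (stored outside the `live/` tree with the default 0600 mode) and point both `account_key_src:` lines at it; `terms_agreed: true` then belongs with that account key. The `Remove the http-01 resource` task also dereferences `letsencrypt_challenge['challenge_data']['tunuifranken.info']` unconditionally, which raises an undefined-variable error on runs where the certificate is still within `remaining_days` and no challenge is issued; give it the same guard as the copy task, `when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data`. Finally, `mode: 0644` in the copy task is an unquoted octal while the `with_items` entries above quote `'0700'`/`'0755'`; quote it as `mode: '0644'` for consistency and so a YAML 1.2 parser cannot read it as decimal 644.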