diff --git a/roles/tunuifranken/tasks/letsencrypt.yml b/roles/tunuifranken/tasks/letsencrypt.yml
new file mode 100644
index 0000000..472a18f
--- /dev/null
+++ b/roles/tunuifranken/tasks/letsencrypt.yml
@@ -0,0 +1,20 @@
+---
+- name: Get public IP
+  ansible.builtin.uri:
+    url: https://ipinfo.io/ip
+    return_content: true
+  register: local_public_ip
+
+- name: Get tunuifranken.info public IP
+  ansible.builtin.set_fact:
+    target_public_ip: "{{ lookup('community.general.dig', 'tunuifranken.info', '@1.1.1.1') }}"
+
+- name: Do http-01 challenge
+  ansible.builtin.debug:
+    msg: "http-01"
+  when: local_public_ip.content == target_public_ip
+
+- name: Do dns-01 challenge
+  ansible.builtin.debug:
+    msg: "dns-01"
+  when: local_public_ip.content != target_public_ip
diff --git a/roles/tunuifranken/tasks/main.yml b/roles/tunuifranken/tasks/main.yml
index bfb1ca5..8a3ffbc 100644
--- a/roles/tunuifranken/tasks/main.yml
+++ b/roles/tunuifranken/tasks/main.yml
@@ -11,6 +11,9 @@
     state: directory
     mode: 0775
 
+- name: Deploy letsencrypt certificate
+  ansible.builtin.include_tasks: letsencrypt.yml
+
 - name: Copy vHost conf
   become: true
   ansible.builtin.template: