diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 02cac65..0fa4d4a 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -81,6 +81,10 @@
 notify: Run postmap
 tags: mail
 
+- name: Configure certificate manager
+ template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
+ tags: mail
+
 - name: Create razor directory structure
 command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor
 become: yes
diff --git a/roles/mail/templates/certs.j2 b/roles/mail/templates/certs.j2
new file mode 100644
index 0000000..ab9b7bd
--- /dev/null
+++ b/roles/mail/templates/certs.j2
@@ -0,0 +1,27 @@
+---
+
+{{ ansible_fqdn }}:
+- path: /etc/postfix/ssl/{{ ansible_fqdn }}.crt
+ user: postfix
+ group: postfix
+ perm: '400'
+ format: crt
+ notify: 'service postfix reload'
+- path: /etc/postfix/ssl/{{ ansible_fqdn }}.key
+ user: postfix
+ group: postfix
+ perm: '400'
+ format: key
+ notify: 'service postfix reload'
+- path: /etc/dovecot/ssl/{{ ansible_fqdn }}.crt
+ user: dovecot
+ group: dovecot
+ perm: '400'
+ format: crt
+ notify: 'service dovecot reload'
+- path: /etc/dovecot/ssl/{{ ansible_fqdn }}.key
+ user: dovecot
+ group: dovecot
+ perm: '400'
+ format: key
+ notify: 'service dovecot reload'
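Review bot: The new `Configure certificate manager` task writes `/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf` without setting owner, group or mode, so the file's permissions depend on the connecting user and umask. The rendered file names key paths, file owners and `notify` commands such as `service postfix reload`, which the certificate manager presumably acts on with elevated privileges, so only root should be able to write it. I would pin this on the task, `template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf owner=root group=root mode=0644`. The task also lacks the `become: yes` that the razor task below carries; unless the play escalates globally, the write under `/etc/acme` will probably fail.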
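Review bot: The two `.key` entries hand the private keys to the unprivileged service accounts (`user: postfix` / `group: postfix` and `user: dovecot` / `group: dovecot`), which is wider than needed. Postfix and Dovecot normally read TLS key files as root before dropping privileges, so with this ownership any process compromised under the `postfix` or `dovecot` uid can read the key. Unless the certificate manager or this host's daemon setup requires otherwise, I would set `user: root` and `group: root` on both `format: key` entries and keep `perm: '400'`. A short comment at the top of the template saying which tool consumes the file and what `format` and `notify` mean would also help the next reader.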