diff --git a/roles/web/files/certs b/roles/web/files/certs index 10a9833..44750f0 100644 --- a/roles/web/files/certs +++ b/roles/web/files/certs @@ -42,6 +42,20 @@ www.ccc-r.de: format: key action: '/usr/sbin/service nginx restart' +fahrplan.eh21.easterhegg.eu: +- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt + user: root + group: root + perm: '400' + format: crt,ca + action: '/usr/sbin/service nginx restart' +- path: /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key + user: root + group: root + perm: '400' + format: key + action: '/usr/sbin/service nginx restart' + www.makerspace-regensburg.de: - path: /etc/nginx/ssl/www.makerspace-regensburg.de.crt user: root diff --git a/roles/web/files/vhost b/roles/web/files/vhost index 421140d..7c7cd91 100644 --- a/roles/web/files/vhost +++ b/roles/web/files/vhost @@ -180,6 +180,41 @@ server { default_type text/html; } +server { + listen 80; + listen [::]:80; + + server_name fahrplan.eh21.easterhegg.eu; + + location /.well-known/acme-challenge { + default_type "text/plain"; + alias /var/www/acme-challenge; + } + + location / { + return 301 https://fahrplan.eh21.easterhegg.eu$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name fahrplan.eh21.easterhegg.eu; + + ssl_certificate_key /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key; + ssl_certificate /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt; + + root /var/www/eh21-fahrplan; + + location = / { + return 301 https://fahrplan.eh21.easterhegg.eu/eh/; + } + + default_type text/html; +} + + server { listen 80; listen [::]:80; diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml index dfb7255..a8a2508 100644 --- a/roles/web/tasks/main.yml +++ b/roles/web/tasks/main.yml @@ -15,6 +15,7 @@ - autoconfig - autoconfig/mail - ccc-r + - eh21-fahrplan - makerspace-regensburg - kitchen 
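Review bot: Both new entries for fahrplan.eh21.easterhegg.eu use `action: '/usr/sbin/service nginx restart'`, so a certificate and its key that are replaced one after the other can leave nginx restarting on a mismatched pair. If the tool that reads this file runs the action after each file it writes (not visible here), a failed restart stops every vhost on the host, not just this one. `action: '/usr/sbin/service nginx reload'` is the safer choice, because nginx keeps serving with the old configuration when the new one does not load. The existing www.ccc-r.de entry in the context lines uses the same restart action and would want the same change.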
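Review bot: The `location /.well-known/acme-challenge` prefix in the new port-80 server has no trailing slash, so it matches any request path that merely starts with that string. `alias` then maps such a path onto a sibling of `/var/www/acme-challenge` instead of a file inside it. Ending both with a slash keeps the mapping inside the challenge directory: `location /.well-known/acme-challenge/ {` with `alias /var/www/acme-challenge/;`. The neighbouring server blocks are outside this hunk, so if they share the pattern they would need the same change.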
@@ -30,6 +31,10 @@ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt notify: Restart nginx +- name: Ensure (EH21 fahrplan) certificates are available + command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key -out /etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt -days 730 -subj "/CN=fahrplan.eh21.easterhegg.eu" creates=/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.crt + notify: Restart nginx + - name: Ensure (MS-R) certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt notify: Restart nginx
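Review bot: The added "Ensure (EH21 fahrplan) certificates are available" task never sets the owner or mode of `/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key`, so the private key's permissions depend on the openssl version and the umask of the run. A follow-up task such as `file: path=/etc/nginx/ssl/fahrplan.eh21.easterhegg.eu.key owner=root group=root mode=0400` would pin it to what roles/web/files/certs declares for the same path. `creates=` also checks only the `.crt`, so a missing or removed key is not regenerated while the certificate still exists, and nginx would then fail to start. The neighbouring ccc-r and MS-R tasks in the context lines follow the same pattern.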