diff --git a/ansible/irregular-apocalypse/nginx.conf b/ansible/irregular-apocalypse/nginx.conf
deleted file mode 100644
index 740f25f..0000000
--- a/ansible/irregular-apocalypse/nginx.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-server {
-
- server_name dev.irregular-apocalypse.kejadlen.dev;
-
- # Redirect non-https traffic to https
- if ($scheme != "https") {
- return 301 https://$host$request_uri;
- }
-
- location / {
- proxy_pass http://localhost:3000/;
- }
-
-}
-
-server {
-
- server_name irregular-apocalypse.kejadlen.dev;
-
- # Redirect non-https traffic to https
- if ($scheme != "https") {
- return 301 https://$host$request_uri;
- }
-
- location /dev {
- proxy_pass http://localhost:3000/;
- }
-
-}
diff --git a/ansible/irregular-apocalypse/nginx.yml b/ansible/irregular-apocalypse/nginx.yml
index 40466a3..7a30005 100644
--- a/ansible/irregular-apocalypse/nginx.yml
+++ b/ansible/irregular-apocalypse/nginx.yml
@@ -17,13 +17,16 @@
 - name: nginx conf files
 copy:
- src: nginx.conf
- dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
+ src: nginx/{{ item }}.conf
+ dest: /etc/nginx/conf.d/{{ item }}.conf
+ with_items:
+ - irregular-apocalypse.kejadlen.dev
+ - dev.irregular-apocalypse.kejadlen.dev
 notify: reload nginx
 - name: obtain ssl certificates
 command: >-
- certbot --nginx
+ certbot certonly --nginx
 -d {{ item }}
 -m alpha+lets.encrypt@kejadlen.dev
 --agree-tos
diff --git a/ansible/irregular-apocalypse/nginx/dev.irregular-apocalypse.kejadlen.dev.conf b/ansible/irregular-apocalypse/nginx/dev.irregular-apocalypse.kejadlen.dev.conf
new file mode 100644
index 0000000..f8282a5
--- /dev/null
+++ b/ansible/irregular-apocalypse/nginx/dev.irregular-apocalypse.kejadlen.dev.conf
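Review bot: In `nginx.yml`, the `nginx conf files` task installs server blocks that reference `ssl_certificate` paths under `/etc/letsencrypt/live/` before the `obtain ssl certificates` task has run. On a host where those certificates do not exist yet, `nginx -t` would presumably fail, which can stop both the `reload nginx` handler and certbot's nginx plugin from working. Running the certbot task before the copy, or gating the copy on a `stat` of the matching `live/` directory, removes that bootstrap dependency. The copy task could also set `mode: "0644"` explicitly. The certbot command continues past the end of the hunk, so whether it is made idempotent (for example with `creates:`) cannot be seen here.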
@@ -0,0 +1,23 @@
+server {
+
+ server_name dev.irregular-apocalypse.kejadlen.dev;
+
+ # Redirect non-https traffic to https
+ if ($scheme != "https") {
+ return 301 https://$host$request_uri;
+ }
+
+ location / {
+ proxy_pass http://localhost:3000/;
+ }
+
+ listen 80;
+
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/dev.irregular-apocalypse.kejadlen.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dev.irregular-apocalypse.kejadlen.dev/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+}
+
diff --git a/ansible/irregular-apocalypse/nginx/irregular-apocalypse.kejadlen.dev.conf b/ansible/irregular-apocalypse/nginx/irregular-apocalypse.kejadlen.dev.conf
new file mode 100644
index 0000000..e5249e3
--- /dev/null
+++ b/ansible/irregular-apocalypse/nginx/irregular-apocalypse.kejadlen.dev.conf
@@ -0,0 +1,22 @@
+server {
+
+ server_name irregular-apocalypse.kejadlen.dev;
+
+ # Redirect non-https traffic to https
+ if ($scheme != "https") {
+ return 301 https://$host$request_uri;
+ }
+
+ location /dev {
+ proxy_pass http://localhost:3000/;
+ }
+
+ listen 80;
+
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+}
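Review bot: The redirect in `dev.irregular-apocalypse.kejadlen.dev.conf` builds its target from `$host`, which nginx takes from the client's request. If this server block ever answers a request carrying a different Host header (for instance as the implicit default for port 80), the 301 points at a host the client chose. Using the configured name removes that dependency: `return 301 https://$server_name$request_uri;`. Moving `listen 80;` and the `return` into their own `server` block would also drop the `if`. The same redirect appears in `irregular-apocalypse.kejadlen.dev.conf`.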
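Review bot: In `irregular-apocalypse.kejadlen.dev.conf`, `location /dev` has no trailing slash while `proxy_pass http://localhost:3000/;` carries a URI part, so the match is a bare prefix. `/dev/foo` is forwarded as `//foo`, and any path that merely starts with `/dev` (such as `/developer`) is proxied too, with `/dev` replaced by `/`. Writing `location /dev/ {` with the existing `proxy_pass` line maps `/dev/foo` to `/foo`, and a separate `location = /dev { return 301 /dev/; }` keeps the bare path working. This server block defines no `location /`, so every other path falls through to nginx's default root, which may or may not be intended.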