diff --git a/group_vars/munin_server.yml.template b/group_vars/munin_server.yml.template
index 8d6456f..64d4bee 100644
--- a/group_vars/munin_server.yml.template
+++ b/group_vars/munin_server.yml.template
@@ -4,7 +4,7 @@ munin_hosts:
     address: "127.0.0.1"
     extra: ["use_node_name yes"]
   - name: "host.example.org"
-    address: "address ssh://munin-async@host.example.org/ -W localhost:4949"
+    address: "ssh://munin-async@host.example.org/ -W localhost:4949"
 
 munin_admin_user: "{{ vault_munin_admin_user }}"
 munin_admin_password: "{{ vault_munin_admin_password }}"
@@ -13,3 +13,49 @@ private_key_munin_async_user_host: "{{ vault_private_key_munin_async_user_host }
 public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}"
 
 munin_alerts: []
+
+# Role ansible-role-certbot : defina auto renew, schedule, ...
+certbot_auto_renew: true
+certbot_auto_renew_user: "root"
+certbot_auto_renew_hour: "3"
+certbot_auto_renew_minute: "30"
+certbot_auto_renew_options: "--quiet --no-self-upgrade"
+certbot_admin_email: contact@wirebrass.fr
+certbot_create_if_missing: true
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+  - nginx
+certbot_certs:
+  - domains:
+    - "{{ inventory_hostname }}"
+
+nginx_remove_default_vhost: true
+nginx_vhosts:
+  - listen: "80"
+    server_name: "{{ inventory_hostname }}"
+    return: "301 https://{{ inventory_hostname }}$request_uri"
+    filename: "{{ inventory_hostname }}.80.conf"
+  - listen: "443 ssl http2"
+    server_name: "{{ inventory_hostname }}"
+    root: "/var/cache/munin/www/static"
+    filename: "{{ inventory_hostname }}.conf"
+    extra_parameters: |
+      ssl_certificate     /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
+      ssl_protocols       TLSv1.2;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
+      location = / {
+          rewrite ^/$ munin/ redirect; break;
+      }
+      location /munin/static/ {
+          alias /etc/munin/static/;
+          expires modified +1w;
+      }
+      location /munin/ {
+          auth_basic            "Restricted";
+          auth_basic_user_file  /etc/munin/munin-htpasswd;
+
+          alias /var/cache/munin/www/;
+          expires modified +310s;
+      }
+