diff --git a/roles/docker-mailu/handlers/main.yml b/roles/docker-mailu/handlers/main.yml index 45a3b0de..d2d0703e 100644 --- a/roles/docker-mailu/handlers/main.yml +++ b/roles/docker-mailu/handlers/main.yml @@ -3,3 +3,9 @@ command: cmd: docker-compose -p mailu up -d --force-recreate chdir: /usr/local/bin/mailu/ +- name: "restart deploy-letsencrypt-mailu.service" + systemd: + name: deploy-letsencrypt-mailu.service + state: restarted + enabled: yes + daemon_reload: yes diff --git a/roles/docker-mailu/meta/main.yml b/roles/docker-mailu/meta/main.yml index fb4d4f7b..8d10d020 100644 --- a/roles/docker-mailu/meta/main.yml +++ b/roles/docker-mailu/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - native-docker-reverse-proxy +- native-systemd-email diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index 6ca31f7a..6c760221 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml @@ -14,6 +14,12 @@ path: "/etc/mailu" state: directory mode: 0755 + +- name: "create /etc/mailu/certs" + file: + path: "/etc/mailu/certs" + state: directory + mode: 0755 - name: "create /usr/local/bin/mailu/" file: @@ -28,3 +34,10 @@ - name: add mailu.env template: src=mailu.env.j2 dest=/usr/local/bin/mailu/mailu.env notify: recreate mailu + +- name: add deploy-letsencrypt-mailu.sh + template: src=deploy-letsencrypt-mailu.sh.j2 dest=/usr/local/bin/mailu/deploy-letsencrypt-mailu.sh + +- name: configure deploy-letsencrypt-mailu.service + template: src=deploy-letsencrypt-mailu.service.j2 dest=/etc/systemd/system/deploy-letsencrypt-mailu.service + notify: restart deploy-letsencrypt-mailu.service diff --git a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2 b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2 new file mode 100644 index 00000000..702186b3 --- /dev/null +++ b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2 
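Review bot: In the handlers/main.yml hunk, the new handler sets `enabled: yes`, but the unit file added by this commit has no `[Install]` section, so there appears to be nothing for systemd to enable. As written, the service would run only when this handler fires. Either drop `enabled` here, or give the unit an `[Install]` section or a timer. As a style point, Ansible booleans read more predictably as `enabled: true` and `daemon_reload: true`.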
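Review bot: In the first tasks/main.yml hunk, `/etc/mailu/certs` is created with `mode: 0755`, yet the deploy script added in this commit copies `privkey.pem` into it. The key therefore moves from certbot's restricted live directory into one every local user can traverse. Whether the key file itself is readable depends on the mode `cp` produces, which this task does not control. Consider `mode: "0700"` with explicit `owner: root` and `group: root`; quoting the mode also keeps it from being read as a plain integer. The task list continues outside the hunk.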
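Review bot: In the second tasks/main.yml hunk, the `add deploy-letsencrypt-mailu.sh` task has no `notify`, so a changed script (for example after `domain` changes) is installed but never re-run. Adding `notify: restart deploy-letsencrypt-mailu.service` would match the unit task below it. Neither template task sets `owner` or `mode`, so a script that root executes gets whatever the defaults give; `mode: "0750"` and `owner: root` make that explicit. Block-style module arguments (`src:` and `dest:` on separate lines) would also be easier to extend than the `key=value` form.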
@@ -0,0 +1,8 @@ +[Unit] +Description=Let's Encrypt Mailu Deploy +OnFailure=systemd-email@%n.service +After=nginx.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/bash /usr/local/bin/mailu/deploy-letsencrypt-mailu.sh diff --git a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2 b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2 new file mode 100644 index 00000000..4a18a3fa --- /dev/null +++ b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2 @@ -0,0 +1,5 @@ +#!/bin/sh +cp /etc/letsencrypt/live/{{domain}}/privkey.pem /etc/mailu/certs/key.pem || exit 1 +cp /etc/letsencrypt/live/{{domain}}/fullchain.pem /etc/mailu/certs/cert.pem || exit 1 +sudo cp /etc/letsencrypt/live/{{domain}} /etc/mailu/letsencrypt/ || exit 1 +docker exec mailu_front_1 nginx -s reload diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index 09847a73..e5dda221 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -37,9 +37,8 @@ services: - "{{ ip4_address }}:143:143" - "{{ ip4_address }}:993:993" volumes: - - "/etc/letsencrypt:/certs/letsencrypt:ro" - "/etc/mailu/overrides/nginx:/overrides" - - "front_certs:/certs" + - "/etc/mailu/certs:/certs" admin: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.8} restart: always
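Review bot: Nothing in deploy-letsencrypt-mailu.service.j2 ties the unit to certificate renewal: it has no timer and no `[Install]` section, and the diff shows no certbot deploy hook. Unless such a hook exists outside this commit, the copies under /etc/mailu/certs go stale after a renewal until the role is run again. `After=nginx.service` orders against a host nginx, while the script reloads nginx inside the `mailu_front_1` container, so it is not clear the ordering helps. `ExecStart` also runs the script with `/usr/bin/bash` although its shebang is `#!/bin/sh`; pick one, e.g. `ExecStart=/bin/sh /usr/local/bin/mailu/deploy-letsencrypt-mailu.sh`.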
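Review bot: The third `cp` in deploy-letsencrypt-mailu.sh.j2 copies a directory without `-r`, so cp refuses it and `|| exit 1` fires. The `nginx -s reload` on the last line is then never reached and the unit fails on every run. `/etc/mailu/letsencrypt/` is not created by any task in this diff, and the compose change in this commit stops mounting a letsencrypt directory, so the line looks removable. `sudo` also seems unnecessary, since the unit sets no `User=` and so presumably runs as root. For the key, `install -m 0600 /etc/letsencrypt/live/{{domain}}/privkey.pem /etc/mailu/certs/key.pem || exit 1` pins the file mode instead of inheriting whatever cp produces.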
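Review bot: The new bind mount `/etc/mailu/certs:/certs` in docker-compose.yml.j2 is writable, whereas the `/etc/letsencrypt` mount in the same volume list was `:ro`. What looks like the internet-facing front container can therefore modify or replace the host's copy of the key and certificate. If the front image only reads from /certs (worth confirming for the Mailu version in use), mount it as `- "/etc/mailu/certs:/certs:ro"`. The change presumably also relies on the TLS setting in mailu.env selecting the cert.pem/key.pem layout, which this diff does not show. The service definition starts outside the hunk.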