diff --git a/roles/batcave/files/proxy-certs-check-renew.cron b/roles/batcave/files/proxy-certs-check-renew.cron
new file mode 100755
index 0000000000..1283c66bd8
--- /dev/null
+++ b/roles/batcave/files/proxy-certs-check-renew.cron
@@ -0,0 +1,8 @@
+#!/bin/bash
+mailto='admin@fedoraproject.org'
+source /root/sshagent >>/dev/null
+export ANSIBLE_HOST_KEY_CHECKING=False
+export HOME=/root/
+#export ANSIBLE_SSH_PIPELINING=False
+export ANSIBLE_HASH_BEHAVIOUR=merge
+timeout 24h ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t letsencrypt -f 20 |& grep fatal
diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index 92604500b9..b8729ae939 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -258,6 +258,17 @@
   - config
   when: inventory_hostname.startswith('batcave01')
 
+#
+# Setup job that runs letsencrypt on proxies each week
+#
+
+- name: setup letsencrypt run for proxies
+  copy: src=proxy-certs-check-renew.cron dest=/etc/cron.weekly/proxy-certs-check-renew.cron mode=0755
+  tags:
+  - batcave
+  - config
+  when: inventory_hostname.startswith('batcave01')
+
 #
 # Setup rhel6 sync script.
 #