diff --git a/roles/distgit/files/git-hooks-messaging.toml b/roles/distgit/files/git-hooks-messaging.toml
new file mode 100644
index 0000000000..554889582b
--- /dev/null
+++ b/roles/distgit/files/git-hooks-messaging.toml
@@ -0,0 +1,23 @@
+# A sample configuration for fedora-messaging. This file is in the TOML format.
+# For complete details on all configuration options, see the documentation.
+# https://fedora-messaging.readthedocs.io/en/stable/configuration.html
+
+# Broker address
+amqp_url = "amqps://git-hooks:@rabbitmq.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+topic_prefix = "org.fedoraproject.prod"
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/git-hooks.ca"
+keyfile = "/etc/pki/rabbitmq/git-hooks.key"
+certfile = "/etc/pki/rabbitmq/git-hooks.crt"
+
+[client_properties]
+app = "git-hooks"
+
+[consumer_config]
+excluded_paths = ["/requests/"]
+with_namespace = true
+url_template = "https://src.fedoraproject.org/{namespace}/{repo}/c/{rev}?branch={branch}"
diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index c41fe39cc0..6e5ce2872f 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -134,38 +134,35 @@ - config - distgit -- name: Make sure apache can access the fedora-messaging ca - acl: - path: /etc/pki/rabbitmq/git-hooks.ca - entity: apache - etype: group - permissions: r - state: present +- name: Dploy the Fedora messaging config. file for uploads + ansible.builtin.copy: src=git-hooks-messaging.toml dest=/etc/fedora-messaging/git-hooks-messaging.toml tags: + - config - distgit - when: inventory_hostname.startswith('batcave') -- name: Make sure apache can access the fedora-messaging crt - acl: - path: /etc/pki/rabbitmq/git-hooks.crt - entity: apache - etype: group - permissions: r - state: present +- name: Deploy the Fedora messaging certificate + ansible.builtin.copy: src={{ item.src }} + dest=/etc/pki/rabbitmq/{{ item.dest }} + owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} + with_items: + - src: "{{private}}/files/rabbitmq/production/pki/issued/git-hooks.crt" + dest: git-hooks.crt + owner: root + group: root + mode: "444" + - src: "{{private}}/files/rabbitmq/production/pki/private/git-hooks.key" + dest: git-hooks.key + owner: root + group: root + mode: "440" + - src: "{{private}}/files/rabbitmq/production/pki/reqs/git-hooks.req" + dest: git-hooks.ca + owner: root + group: root + mode: "444" tags: - distgit - when: inventory_hostname.startswith('batcave') - -- name: Make sure apache can access the fedora-messaging key - acl: - path: /etc/pki/rabbitmq/git-hooks.key - entity: apache - etype: group - permissions: r - state: present - tags: - - distgit - when: inventory_hostname.startswith('batcave') + - fedora-messaging - name: Create the distgit root directory (/srv/git) ansible.builtin.file: dest=/srv/git state=directory mode=0755
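Review bot: The third `with_items` entry of "Deploy the Fedora messaging certificate" installs `pki/reqs/git-hooks.req` as `/etc/pki/rabbitmq/git-hooks.ca`, the path the new git-hooks-messaging.toml names as `ca_cert`. A file under `reqs/` is presumably a certificate signing request rather than a CA certificate, so the client would have no valid trust anchor for verifying the broker's certificate. Point that entry at the CA certificate that signed the broker's certificate, e.g. `src: "{{private}}/files/rabbitmq/production/<CA_CERT_FILE>"` (placeholder; the real path is not visible on this page). The private key is installed `root:root` with mode `"440"` while the `acl` tasks that granted group `apache` read access are removed, so confirm the process running the hooks can still read it; if it cannot, give the key a dedicated group instead of widening the mode. Adding `no_log: true` to this task would also keep key material out of `--diff` and verbose output, and the first task's name has a typo (`Dploy`).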