diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml
index bd51350bd9..59a3b71f81 100644
--- a/playbooks/include/proxies-certificates.yml
+++ b/playbooks/include/proxies-certificates.yml
@@ -80,12 +80,6 @@
certname: secondary.koji.fedoraproject.org.letsencrypt
SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
- - role: httpd/certificate
- certname: whatcanidoforfedora.org
- SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
- tags:
- - whatcanidoforfedora.org
- - role: httpd/certificate
certname: fedoracommunity.org
SSLCertificateChainFile: fedoracommunity.org.intermediate.cert
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 4634067e60..e54d6e5609 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -411,8 +411,6 @@
- www.whatcanidoforfedora.org
ssl: true
sslonly: true
- cert_name: whatcanidoforfedora.org
- SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
certbot: true
tags:
- whatcanidoforfedora.org
@@ -492,8 +490,6 @@
certbot: true
server_aliases:
- www.fpaste.org
- cert_name: fpaste.org
- SSLCertificateChainFile: fpaste.org.intermediate.cert
tags:
- fpaste.org
@@ -512,8 +508,6 @@
certbot: true
server_aliases:
- s390pkgs.fedoraproject.org
- cert_name: secondary.koji.fedoraproject.org.letsencrypt
- SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
tags:
- s390.koji.fedoraproject.org
@@ -736,7 +730,6 @@
- role: httpd/website
site_name: jenkins.fedorainfracloud.org
cert_name: jenkins.fedorainfracloud.org
- SSLCertificateChainFile: jenkins.fedorainfracloud.org.intermediate.cert
certbot: true
- role: httpd/website
diff --git a/roles/httpd/website/tasks/main.yml b/roles/httpd/website/tasks/main.yml
index 582503788b..d0f88c8111 100644
--- a/roles/httpd/website/tasks/main.yml
+++ b/roles/httpd/website/tasks/main.yml
@@ -21,7 +21,9 @@
- httpd
- httpd/website
-# TODO - copy in Httpd::Certificate
+- name: Letsencrypt certificate stuff
+ include_role: name=letsencrypt
+ when: certbot == True
- name: Copy over primary template for {{site_name}}
template: >
diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index 1aed79acb7..061c6291b3 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -41,11 +41,18 @@
{% endif %}
SSLEngine on
+{% if certbot %}
+ SSLCertificateFile /etc/pki/tls/certs/{{ site_name }}.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/{{ site_name }}.key
+ SSLCertificateChainFile /etc/pki/tls/certs/{{ site_name }}.intermediate.cert
+{% else %}
SSLCertificateFile /etc/pki/tls/certs/{{ cert_name }}.cert
SSLCertificateKeyFile /etc/pki/tls/private/{{ cert_name }}.key
{% if SSLCertificateChainFile %}
SSLCertificateChainFile /etc/pki/tls/certs/{{ SSLCertificateChainFile }}
{% endif %}
+{% endif %}
+ SSLHonorCipherOrder On # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
new file mode 100644
index 0000000000..e3a1cf83a9
--- /dev/null
+++ b/roles/letsencrypt/tasks/main.yml
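Review bot: `when: certbot == True` on the new include evaluates `certbot` unconditionally, so a site that leaves the variable unset fails the include with an undefined-variable error unless the role ships a default (none is visible in this diff); `when: certbot | default(false) | bool` tolerates both the missing case and a string value. The new `{% if certbot %}` in the website.conf hunk has the same exposure, where `{% if certbot | default(false) %}` is the matching guard. As a point of style, `include_role: name=letsencrypt` uses the key=value shorthand; the block form `include_role:` with `name: letsencrypt` beneath it is what ansible-lint recommends. The task preceding the insertion (only its `tags` list is visible) begins outside the hunk.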
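Review bot: the three file paths in the new `{% if certbot %}` branch (`/etc/pki/tls/certs/{{ site_name }}.cert`, `{{ site_name }}.intermediate.cert`, `/etc/pki/tls/private/{{ site_name }}.key`) duplicate the `dest=` values of the copy tasks in roles/letsencrypt/tasks/main.yml, and nothing in either file records that dependency, so a rename on one side breaks TLS on every certbot-enabled site with no error at template time. A Jinja comment directly above the branch, `{# these paths must match the copy dest= values in roles/letsencrypt/tasks/main.yml #}`, would make the coupling visible to the next editor. The certbot branch also emits `SSLCertificateChainFile` unconditionally while the else branch keeps it behind `{% if SSLCertificateChainFile %}`; that is consistent with the role always installing chain.pem, so no change is needed there, but a clause in the same comment would spare the question.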
@@ -0,0 +1,63 @@
+- name: Generate (or renew) the certificate
+ delegate_to: certgetter01.phx2.fedoraproject.org
+ command: certbot certonly -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
+ tags:
+ - letsencrypt
+
+# And once we do that, we need to copy some things.
+- name: Obtain the certificate
+ delegate_to: certgetter01.phx2.fedoraproject.org
+ command: cat /etc/letsencrypt/live/{{site_name}}/cert.pem
+ register: certbot_certificate
+ tags:
+ - letsencrypt
+
+- name: Obtain the intermediate certificate
+ delegate_to: certgetter01.phx2.fedoraproject.org
+ command: cat /etc/letsencrypt/live/{{site_name}}/chain.pem
+ register: certbot_chain
+ tags:
+ - letsencrypt
+
+- name: Obtain the key
+ delegate_to: certgetter01.phx2.fedoraproject.org
+ command: cat /etc/letsencrypt/live/{{site_name}}/privkey.pem
+ register: certbot_key
+ tags:
+ - letsencrypt
+
+- name: Install the certificate
+ copy: >
+ dest=/etc/pki/tls/certs/{{site_name}}.cert
+ contents={{certbot_certificate.stdout}}
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - reload proxyhttpd
+ tags:
+ - letsencrypt
+
+- name: Install the intermediate/chain certificate
+ copy: >
+ dest=/etc/pki/tls/certs/{{site_name}}.intermediate.cert
+ contents={{certbot_chain.stdout}}
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - reload proxyhttpd
+ tags:
+ - letsencrypt
+
+- name: Install the key
+ copy: >
+ dest=/etc/pki/tls/private/{{site_name}}.key
+ contents={{certbot_key.stdout}}
+ owner=root
+ group=root
+ mode=0600
+ notify:
+ - reload proxyhttpd
+ tags:
+ - letsencrypt
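Review bot: `contents=` in all three `copy: >` tasks is not an argument the copy module accepts (the parameter is `content`), so every install task fails before writing anything; change each to `content={{ ... .stdout }}`. The private key is read with `command: cat .../privkey.pem` into `certbot_key` and then handed to "Install the key" as module arguments, and neither task sets `no_log: true`, so the key text is printed in verbose output and retained by any callback or log sink; add `no_log: true` to both tasks. The three `command: cat` tasks will also report `changed` on every run, so `changed_when: false` on each keeps the play's change summary meaningful. Because the command module normally strips the trailing newline from `stdout`, the installed PEM files will lack a final newline; httpd tolerates that, but the `slurp` module (base64, still needing `no_log`) or appending `\n` to the content avoids the surprise.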