diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml
index 7aea38f55e..a7ed667d16 100644
--- a/playbooks/groups/pagure.yml
+++ b/playbooks/groups/pagure.yml
@@ -47,6 +47,7 @@
 #
 - role: letsencrypt
 site_name: "stg.pagure.io"
+ certbot_bundlehost: pagure02.fedoraproject.org
 server_aliases:
 - stg.pagure.io
 - docs.stg.pagure.org
@@ -58,6 +59,7 @@
 - role: letsencrypt
 site_name: "pagure.io"
+ certbot_bundlehost: pagure-stg01.fedoraproject.org
 server_aliases:
 - docs.pagure.org
 - lists.pagure.io
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index 19391db679..0c529e08eb 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -135,3 +135,17 @@
 - letsencrypt
 delegate_to: "{{ certbot_addhost }}"
 when: certbot_addhost is defined
+
+- name: Install certificate bundle
+ copy: >
+ dest=/etc/pki/tls/certs/{{site_name}}.bundle.cert
+ content="{{certbot_chain.stdout}} {{certbot_certificate.stdout}}"
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - reload stunnel
+ tags:
+ - letsencrypt
+ delegate_to: "{{ certbot_bundlehost }}"
+ when: certbot_bundlehost is defined
diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml
index 9ebd71bcea..7b4214a924 100644
--- a/roles/pagure/tasks/main.yml
+++ b/roles/pagure/tasks/main.yml
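Review bot: The two certbot_bundlehost values look swapped: the stg.pagure.io role entry in the first hunk delegates to pagure02.fedoraproject.org, while the pagure.io entry in the second hunk delegates to pagure-stg01.fedoraproject.org. Judging by the hostnames, each bundle would be written to the other environment's host, and because roles/pagure/templates/stunnel-conf.j2 selects the bundle path by env, stunnel on each host would be pointed at a file that is never installed there. If the hostnames are what they appear to be, the fix is to exchange the two lines: `certbot_bundlehost: pagure-stg01.fedoraproject.org` under site_name "stg.pagure.io" and `certbot_bundlehost: pagure02.fedoraproject.org` under site_name "pagure.io". The role lists these entries belong to start before and end after each hunk, so whether the first entry is commented out (the `#` line above it) cannot be confirmed here.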
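Review bot: The bundle written by the new "Install certificate bundle" task places certbot_chain.stdout before certbot_certificate.stdout and joins them with a single space, which is the wrong shape for the file that stunnel-conf.j2 now points `cert =` at. OpenSSL-based servers such as stunnel treat the first certificate in that file as the server certificate, so the intermediate would be presented as the leaf and would not match the configured key, and a `-----BEGIN CERTIFICATE-----` that does not start on its own line is unlikely to be parsed at all. Assuming certbot_chain holds the intermediate chain rather than a fullchain, write the leaf certificate first and the chain after it, separated by a newline, as in the native-YAML form below, which also keeps `mode` as a quoted string. The `reload stunnel` handler this task notifies must also be reachable from the play that applies this role, which cannot be confirmed from this hunk.
```yaml
- name: Install certificate bundle
  copy:
    dest: "/etc/pki/tls/certs/{{ site_name }}.bundle.cert"
    content: "{{ certbot_certificate.stdout }}\n{{ certbot_chain.stdout }}\n"
    owner: root
    group: root
    mode: "0644"
  # … unchanged: notify, tags, delegate_to, when …
```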
@@ -214,29 +214,6 @@
 - pagure
 - stunnel
-- name: ensure old stunnel init file is gone
- file: dest=/etc/init.d/stunnel/stunnel.init state=absent
- tags:
- - pagure
- - stunnel
- - config
-
-- name: make a bundle file of the cert and intermediate for stunnel
- shell: cat /etc/pki/tls/certs/pagure.io.cert /etc/pki/tls/certs/pagure.io.intermediate.cert > /etc/pki/tls/certs/pagure.io.bundle.cert creates=/etc/pki/tls/certs/pagure.io.bundle.cert
- tags:
- - pagure
- - stunnel
- - config
- when: env != 'pagure-staging'
-
-- name: make a bundle file of the cert and intermediate for stunnel (stg)
- shell: cat /etc/pki/tls/certs/stg.pagure.io.cert /etc/pki/tls/certs/stg.pagure.io.intermediate.cert > /etc/pki/tls/certs/stg.pagure.io.bundle.cert creates=/etc/pki/tls/certs/stg.pagure.io.bundle.cert
- tags:
- - pagure
- - stunnel
- - config
- when: env == 'pagure-staging'
-
 - name: install stunnel.conf
 template: src={{ item.file }} dest={{ item.dest }}
diff --git a/roles/pagure/templates/stunnel-conf.j2 b/roles/pagure/templates/stunnel-conf.j2
index 77d916e846..236d11fc8b 100644
--- a/roles/pagure/templates/stunnel-conf.j2
+++ b/roles/pagure/templates/stunnel-conf.j2
@@ -1,8 +1,8 @@
 {% if env == 'pagure-staging' %}
-cert = /etc/pki/tls/certs/stg.pagure.io.cert
+cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert
 key = /etc/pki/tls/private/stg.pagure.io.key
 {% else %}
-cert = /etc/pki/tls/certs/pagure.io.cert
+cert = /etc/pki/tls/certs/pagure.io.bundle.cert
 key = /etc/pki/tls/private/pagure.io.key
 {% endif %}
 pid = /var/run/stunnel.pid
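Review bot: The template now points `cert =` at a bundle file that the pagure role no longer creates itself (the cat-based bundle tasks are deleted in the preceding hunk) and that only exists once the letsencrypt role has run with certbot_bundlehost set to this host, so a host provisioned before that happens gets a stunnel.conf referencing a missing file and stunnel fails to start. Nothing in the template records that cross-role dependency; add a comment above the if block such as `{# the .bundle.cert files are written by the letsencrypt role's "Install certificate bundle" task (certbot_bundlehost), not by this role #}`, and consider making the stunnel service/handler task conditional on a stat of the bundle path so a missing bundle is reported rather than silently breaking the listener. The ordering problem is inferred from the other hunks in this commit rather than visible in this one.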