diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml
index 2ec065c3..5c414fbe 100644
--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@@ -19,5 +19,5 @@ glob_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index 1d358aa1..fc4dc511 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -12,7 +12,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
     "crans.eu":
       zone: _acme-challenge.crans.org
@@ -20,7 +20,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
     "crans.fr":
       zone: _acme-challenge.crans.org
@@ -28,7 +28,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
 
 loc_nginx:
diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml
index b7a62d71..13b0558d 100644
--- a/host_vars/gitzly.adm.crans.org.yml
+++ b/host_vars/gitzly.adm.crans.org.yml
@@ -19,7 +19,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
     "adm.crans.org":
       zone: _acme-challenge.adm.crans.org
@@ -27,7 +27,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_adm_challenge.
-        secret: "{{ vault.certbot_adm_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}"
         algorithm: HMAC-SHA512
 
 loc_nginx:
diff --git a/host_vars/redisdead.adm.crans.org.yml b/host_vars/redisdead.adm.crans.org.yml
index ffb8ec04..9bd797c4 100644
--- a/host_vars/redisdead.adm.crans.org.yml
+++ b/host_vars/redisdead.adm.crans.org.yml
@@ -23,7 +23,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
     "adm.crans.org":
       zone: _acme-challenge.adm.crans.org
@@ -31,5 +31,5 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_adm_challenge.
-        secret: "{{ vault.certbot_adm_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}"
         algorithm: HMAC-SHA512
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index 4214b054..c8e7983b 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -48,7 +48,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_challenge.
-        secret: "{{ vault.certbot_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
         algorithm: HMAC-SHA512
     "adm.crans.org":
       zone: _acme-challenge.adm.crans.org
@@ -56,7 +56,7 @@ loc_service_certbot:
       port: 53
       key:
         name: certbot_adm_challenge.
-        secret: "{{ vault.certbot_adm_dns_secret }}"
+        secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}"
         algorithm: HMAC-SHA512
 
 loc_nginx: