diff --git a/certbot.yml b/certbot.yml
new file mode 100755
index 00000000..6a6a3eb5
--- /dev/null
+++ b/certbot.yml
@@ -0,0 +1,34 @@
+#!/usr/bin/env ansible-playbook
+---
+# Temporary
+# Wildcard certificate for MX servers
+- hosts: titanic.adm.crans.org
+ vars:
+ certbot:
+ dns_rfc2136_name: certbot_challenge.
+ dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+ mail: root@crans.org
+ certname: crans.org
+ domains: "*.crans.org"
+ bind:
+ masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+ roles:
+ - certbot
+ tasks:
+ - name: Symlink smtp certificate
+ file:
+ src: /etc/letsencrypt/live/crans.org/fullchain.pem
+ dest: /etc/ssl/certs/smtp.pem
+ state: link
+ force: true
+ - name: Symlink smtp private key
+ file:
+ src: /etc/letsencrypt/live/crans.org/privkey.pem
+ dest: /etc/ssl/private/smtp.pem
+ state: link
+ force: true
+ - name: reload postfix
+ systemd:
+ enabled: yes
+ state: restarted
+ name: postfix
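Review bot: The `domains: "*.crans.org"` entry places the private key of a certificate valid for every name under crans.org on the mail host, where the second symlink task exposes it as /etc/ssl/private/smtp.pem, so a compromise of that one host would let the key stand in for any other service in the zone. The header comment already marks the play as temporary; I would record the follow-up there, e.g. `# TODO: replace the wildcard with a certificate limited to the MX host names`. Separately, the last task is named "reload postfix" but uses `state: restarted` and runs on every play; making it a handler notified by the two symlink tasks, with `state: reloaded`, would avoid interrupting SMTP sessions on each run, and `enabled: yes` is better written `enabled: true` to match `force: true` above. Nothing visible in this file reloads postfix after a renewal, so it is worth confirming that the certbot role installs a deploy hook for that.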