diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index 9be951c7..115215fa 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -9,7 +9,7 @@ loc_nginx:
 servers:
 - server_name:
 - lists.crans.org
- ssl: true
+ ssl: crans.org
 root: "/usr/lib/cgi-bin/mailman/"
 index:
 - index.htm
diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml
index 4f8d5101..76e216b5 100644
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -4,11 +4,14 @@ glob_nginx:
 who: "L'équipe technique du Cr@ns"
 service_name: service
 ssl:
- cert: /etc/letsencrypt/live/crans.org/fullchain.pem
- cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
- trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+ # Add adm.crans.org if necessary
+ - name: crans.org
+ cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
 servers:
- - ssl: false
+ - ssl: false # Replace by crans.org or adm.crans.org
+ default: true
 server_name:
 - "default"
 - "_"
@@ -21,4 +24,5 @@ glob_nginx:
 auth_passwd: []
 default_server:
 default_ssl_server:
+ default_ssl_domain: crans.org
 deploy_robots_file: false
diff --git a/host_vars/charybde.adm.crans.org.yml b/host_vars/charybde.adm.crans.org.yml
index 625d329e..fd0885f9 100644
--- a/host_vars/charybde.adm.crans.org.yml
+++ b/host_vars/charybde.adm.crans.org.yml
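Review bot: `ssl: crans.org` is no longer a flag but a selector: service.j2 splices the value into `include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf"`, so it has to equal the `name` of an entry in `nginx.ssl` or nginx will include a file the role never renders. Nothing on this line records that coupling; `# name of a nginx.ssl entry (selects options-ssl.<name>.conf)` above it would, and the same applies to the `ssl: crans.org` line in the irc host_vars hunk.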
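Review bot: The new `ssl` list introduces a small schema (`name`, `cert`, `cert_key`, `trusted_cert`) that is referenced from three places — the `Copy SSL snippets` loop, `servers[*].ssl` and `default_ssl_domain` — but only the placeholder `# Add adm.crans.org if necessary` documents it. A comment above `ssl:` such as `# one entry per certificate; name is the suffix of options-ssl.<name>.conf and the value servers[*].ssl and default_ssl_domain refer to` would make the coupling explicit. The inline `# Replace by crans.org or adm.crans.org` on the catch-all `ssl: false` server reads as an instruction to enable TLS on the `_` server; combined with the new `default: true` that would make it a second `default_server` on 443 next to the template's own catch-all block unless that block is disabled, so the comment should state when the replacement is safe.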
@@ -37,26 +37,26 @@ to_backup:
 loc_nginx:
 service_name: ftp
 servers:
- server_name:
- - "ftp"
- - "ftp.*"
- - "mirror"
- - "mirror.*"
- - "archive.ubuntu.com"
- - "fr.archive.ubuntu.com"
- - "security.ubuntu.com"
- - "ftps"
- - "ftps.*"
- root: "/pubftp"
- locations:
- - filter: "/"
- - params:
- - "autoindex on"
- - "autoindex_exact_size off"
- - "add_before_body /.html/HEADER.html"
- - "add_after_body /.html/FOOTER.html"
- - filter: "/pub/events/"
- params:
- - "mp4"
- - "mp4_buffer_size 1m"
- - "mp4_max_buffer_size 5m"
+ - server_name:
+ - "ftp"
+ - "ftp.*"
+ - "mirror"
+ - "mirror.*"
+ - "archive.ubuntu.com"
+ - "fr.archive.ubuntu.com"
+ - "security.ubuntu.com"
+ - "ftps"
+ - "ftps.*"
+ root: "/pubftp"
+ locations:
+ - filter: "/"
+ params:
+ - "autoindex on"
+ - "autoindex_exact_size off"
+ - "add_before_body /.html/HEADER.html"
+ - "add_after_body /.html/FOOTER.html"
+ - filter: "/pub/events/"
+ params:
+ - "mp4"
+ - "mp4_buffer_size 1m"
+ - "mp4_max_buffer_size 5m"
diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index c825629f..bf956da8 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -4,7 +4,12 @@ interfaces:
 srv: ens19
 loc_certbot:
- domains: "irc.crans.org"
+ - dns_rfc2136_server: '172.16.10.147'
+ dns_rfc2136_name: certbot_challenge.
+ dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+ mail: root@crans.org
+ certname: crans.org
+ domains: "irc.crans.org"
 loc_nginx:
 service_name: "thelounge"
@@ -12,7 +17,8 @@ loc_nginx:
 - server_name:
 - "irc.crans.org"
 - "irc"
- ssl: true
+ default: true
+ ssl: crans.org
 locations:
 - filter: "^~ /web/"
 params:
diff --git a/plays/irc.yml b/plays/irc.yml
index 95563292..ab253706 100755
--- a/plays/irc.yml
+++ b/plays/irc.yml
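Review bot: `certname: crans.org` is what decides the lineage directory `/etc/letsencrypt/live/crans.org/`, and that path is hard-coded in the `nginx.ssl` entry of group_vars/nginx.yml, so the two names must stay in sync although nothing ties them together; I'd add `# certname must equal the matching nginx.ssl entry name (cert paths are /etc/letsencrypt/live/<certname>/)` above `certname`. Because the play now takes `loc_certbot` as a full replacement for `glob_certbot`, the RFC 2136 server address, `dns_rfc2136_name` and the vault reference have to be repeated in every host that overrides certbot, so a later change of the DNS server has to be chased through all host_vars; a comment saying the global entry is not merged would at least make that visible. Keeping the TSIG secret behind `vault_certbot_dns_secret` rather than inline is the right shape for this file.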
@@ -2,7 +2,7 @@
 ---
 - hosts: irc
 vars:
- certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
+ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
 nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
 thelounge: '{{ glob_thelounge | default({}) | combine(loc_thelounge | default({})) }}'
 roles:
diff --git a/plays/mailman.yml b/plays/mailman.yml
index a0a2a60f..ac7afd00 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@@ -8,6 +8,10 @@
 default_url: "https://lists.crans.org/"
 default_host: "lists.crans.org"
 default_language: "fr"
+ custom_logo: "crans_icon_dark.svg"
+ custom_logo_name: "crans.svg"
+ custom_logo_url: "https://www.crans.org/"
+ custom_logo_alt: "CRANS"
 spamassassin: "SpamAssassin_crans"
 smtphost: "smtp.adm.crans.org"
 mynetworks: ['138.231.0.0/16', '185.230.76.0/22', '2a0c:700:0::/40']
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 4d4179c8..847e397b 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -7,16 +7,22 @@
 retries: 3
 until: apt_result is succeeded
-- name: Copy snippets
+- name: Copy proxypass snippets
 template:
- src: "nginx/snippets/{{ item }}.j2"
- dest: "/etc/nginx/snippets/{{ item }}"
+ src: "nginx/snippets/options-proxypass.conf.j2"
+ dest: "/etc/nginx/snippets/options-proxypass.conf"
 owner: root
 group: root
 mode: 0644
- loop:
- - options-ssl.conf
- - options-proxypass.conf
+
+- name: Copy SSL snippets
+ template:
+ src: "nginx/snippets/options-ssl.conf.j2"
+ dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
+ owner: root
+ group: root
+ mode: 0644
+ loop: "{{ nginx.ssl }}"
 - name: Copy dhparam
 template:
@@ -98,12 +104,6 @@
 group: www-data
 mode: 0644
-- name: Indicate role in motd
- template:
- src: update-motd.d/05-service.j2
- dest: /etc/update-motd.d/05-nginx
- mode: 0755
-
 - name: Install passwords
 when: nginx.auth_passwd|length > 0
 template:
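Review bot: The rewritten `certbot:` expression changes two things at once: `loc_certbot` now replaces `glob_certbot` instead of being merged into it, and the fallback moved from `{}` to `[]`, so the certbot role presumably expects a list from here on. A host whose `loc_certbot` is still the old mapping form (`domains: ...`, the shape this commit's irc host_vars hunk removes) is passed through as a dict without any error at this point; an `assert` at the top of the play, `that: certbot is not mapping`, with a `fail_msg` naming the new list format, would turn that into a clear failure instead of an error deeper in the role. A comment `# host-level certbot config fully replaces the global one (no merge)` above the line would record the new semantics.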
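Review bot: `Copy SSL snippets` renders one `options-ssl.<name>.conf` per entry of `nginx.ssl`, but nothing checks that the names the servers reference (`servers[*].ssl` and `default_ssl_domain`) exist in that list; a typo, or a host_vars file still carrying `ssl: true` (which Jinja renders as `True`), yields an `include` of a file that was never written, and nginx then refuses the entire configuration at the next `nginx -t` or reload. An `assert` placed before this task makes that a deploy-time failure with a readable message, as sketched below. Separately, `mode: 0644` in the new task (and `mode: 0755` in the moved motd task of the next hunk) is an unquoted octal that YAML 1.1 loads as an integer; Ansible accepts it, but ansible-lint and yamllint both flag it and the documented form is `mode: "0644"`.
```yaml
- name: Check that every referenced SSL profile is declared in nginx.ssl
  assert:
    that:
      - >-
        nginx.servers | selectattr('ssl', 'defined') | map(attribute='ssl')
        | reject('sameas', false) | list
        | difference(nginx.ssl | map(attribute='name') | list) | length == 0
      - nginx.default_ssl_domain in (nginx.ssl | map(attribute='name') | list)
    fail_msg: "servers[*].ssl and default_ssl_domain must name an entry of nginx.ssl (ssl: true is no longer valid)"

# … unchanged: Copy SSL snippets task (loop over nginx.ssl) …
```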
@@ -119,3 +119,9 @@
 owner: www-data
 group: www-data
 mode: 0644
+
+- name: Indicate role in motd
+ template:
+ src: update-motd.d/05-service.j2
+ dest: /etc/update-motd.d/05-nginx
+ mode: 0755
diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2
index 5a883a48..1e17e099 100644
--- a/roles/nginx/templates/nginx/sites-available/service.j2
+++ b/roles/nginx/templates/nginx/sites-available/service.j2
@@ -19,7 +19,7 @@ upstream {{ upstream.name }} {
 server {
 listen 443 default_server ssl;
 listen [::]:443 default_server ssl;
- include "/etc/nginx/snippets/options-ssl.conf";
+ include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";
 server_name _;
 charset utf-8;
@@ -55,8 +55,8 @@ server {
 {% if server.ssl is defined and server.ssl -%}
 # Redirect HTTP to HTTPS
 server {
- listen 80;
- listen [::]:80;
+ listen 80{% if server.default is defined and server.default %} default_server{% endif %};
+ listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};
 server_name {{ server.server_name|join(" ") }};
 charset utf-8;
@@ -72,9 +72,9 @@ server {
 server {
 {% if server.ssl is defined and server.ssl -%}
- listen 443 ssl;
- listen [::]:443 ssl;
- include "/etc/nginx/snippets/options-ssl.conf";
+ listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
+ listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
+ include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";
 {% else -%}
 listen 80 default;
 listen [::]:80 default;
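Review bot: This catch-all block keeps its own `listen 443 default_server ssl`, while the `{% if server.default ... %} default_server{% endif %}` fragments added in the two later hunks of this file let any entry of `nginx.servers` claim the same role, and nothing prevents both from landing in one site file; nginx then rejects the configuration with `a duplicate default server for 0.0.0.0:443`. Whether this block is gated on `nginx.default_ssl_server` is not visible, since its opening tag lies above the hunk; if it is not, the irc host, which sets `default: true` on its only server, is the first to hit this. A guard such as `{% if not (nginx.servers | selectattr('default', 'defined') | selectattr('default') | list) %}` around the block, or an `assert` in the role that the two mechanisms are mutually exclusive, would surface the conflict at deploy time rather than at reload. The `include` of `options-ssl.{{ nginx.default_ssl_domain }}.conf` also assumes `default_ssl_domain` names an entry of `nginx.ssl`; a comment `# must match the name of an entry in nginx.ssl` beside the variable in group_vars would help.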
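Review bot: The `{% if server.default is defined and server.default %} default_server{% endif %}` fragment is now repeated four times (twice here, twice in the port-80 redirect hunk above); setting it once at the top of the per-server loop, `{% set default_flag = ' default_server' if server.default | default(false) else '' %}`, and writing `listen 443{{ default_flag }} ssl;` keeps the listen lines readable. The loop that encloses this block starts above the hunk. Separately, the `server.ssl is defined and server.ssl` test still accepts the old boolean form: a host_vars file left at `ssl: true` passes the test and renders `include ".../options-ssl.True.conf"`, a file the role never writes, so the whole nginx configuration fails to load; a comment on the include line, `# server.ssl is the name of a nginx.ssl entry, not a boolean`, records the new contract until every host is migrated.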
@@ -86,29 +86,21 @@ server {
 # Hide Nginx version
 server_tokens off;
- {% if server.root is defined -%}
- root {{ server.root }};
- {% endif -%}
- {% if server.index is defined -%}
- index {{ server.index|join(" ") }};
- {% endif -%}
+ {% if server.root is defined %}root {{ server.root }};{% endif %}
+ {% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %}
- {% if server.access_log is defined -%}
- access_log {{ server.access_log }};
- {% endif -%}
- {% if server.error_log is defined -%}
- error_log {{ server.error_log }};
- {% endif -%}
+ {% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}
+ {% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}
- {% if server.locations is defined -%}
-
- {% for location in server.locations -%}
+{% if server.locations is defined %}
+{% for location in server.locations %}
 location {{ location.filter }} {
- {% for param in location.params -%}
+{% for param in location.params %}
 {{ param }};
- {% endfor -%}
+{% endfor %}
 }
- {% endfor -%}
-{% endif -%}
+
+{% endfor %}
+{% endif %}
 }
 {% endfor %}
diff --git a/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2
index 1a9273a8..c980c90b 100644
--- a/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2
+++ b/roles/nginx/templates/nginx/snippets/options-ssl.conf.j2
@@ -1,7 +1,7 @@
 {{ ansible_header | comment }}
-ssl_certificate {{ nginx.ssl.cert }};
-ssl_certificate_key {{ nginx.ssl.cert_key }};
+ssl_certificate {{ item.cert }};
+ssl_certificate_key {{ item.cert_key }};
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;
 ssl_session_tickets off;
@@ -13,5 +13,5 @@ ssl_prefer_server_ciphers off;
 # Enable OCSP Stapling, point to certificate chain
 ssl_stapling on;
 ssl_stapling_verify on;
-ssl_trusted_certificate {{ nginx.ssl.trusted_cert }};
+ssl_trusted_certificate {{ item.trusted_cert }};
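Review bot: Whitespace handling is now mixed in this block: `root`/`index`/`access_log`/`error_log` are collapsed onto single lines with inline `{% if %}…{% endif %}`, which leaves an indented empty line for every undefined option, while the `location` loop tags moved to column 0 so the rendered `location` blocks lose the indentation of the surrounding `server {}`. Declaring `#jinja2: trim_blocks: True, lstrip_blocks: True` as the first line of the template would let every tag sit on its own indented line without emitting blank output, so the earlier one-directive-per-line form could be restored. This is cosmetic for nginx, which ignores indentation, but it matters when the rendered file is diffed or read on the host. The enclosing per-server `for` loop begins above the hunk.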
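Review bot: The snippet now reads `item.cert` and `item.cert_key` (and `item.trusted_cert` in the next hunk), which ties the file to the implicit loop variable of the `Copy SSL snippets` task: rendered outside that loop, or from a task that is itself inside a loop, `item` is undefined or refers to the wrong object. Naming the variable explicitly with `loop_control:` / `loop_var: ssl_profile` on the task and using `{{ ssl_profile.cert }}` here removes that coupling. A header comment after the `ansible_header` line, `# Rendered once per nginx.ssl entry as /etc/nginx/snippets/options-ssl.<name>.conf`, would record the contract for the next reader.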
diff --git a/roles/nginx/templates/update-motd.d/10-service.j2 b/roles/nginx/templates/update-motd.d/10-service.j2
deleted file mode 100755
index 82373d0b..00000000
--- a/roles/nginx/templates/update-motd.d/10-service.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/tail +14
-{{ ansible_header | comment }}
-> NGINX a été déployé sur cette machine. Voir /etc/nginx/.