diff --git a/_modules/node.py b/_modules/node.py
--- a/_modules/node.py
+++ b/_modules/node.py
@@ -23,6 +23,12 @@
 ]
 
 
+WITH_NGINX_ROLES = [
+    "webserver-core",
+    "paas-docker",
+]
+
+
 def _get_all_nodes():
     return __pillar__.get("nodes", {})
 
@@ -196,6 +202,13 @@
     return content in filter_by_role("web_content_sls", nodename)
 
 
+def has_nginx(nodename=None):
+    """
+    A function to determine if this server role should include nginx.
+    """
+    return any(role in WITH_NGINX_ROLES for role in get_list("roles", nodename))
+
+
 def get_wwwroot(nodename=None):
     """
     A function to determine the wwwroot folder to use.
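Review bot: The docstring on `has_nginx` says "this server role", but the function takes a `nodename` and returns True when any of that node's roles is listed in `WITH_NGINX_ROLES`; I would write it as `"""Return True if any role of the node is in WITH_NGINX_ROLES."""`. `WITH_NGINX_ROLES`, added in the first hunk of this file, deserves a comment such as `# Roles that deploy nginx; has_nginx() uses this to pick the certificate renewal script`, because the new `letsencrypt.sls` in this commit chooses the renewal script from this value. A role that ships nginx but is missing from the list would get the renewal script without the reload, so nginx there would keep serving the old certificates after a renewal.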
diff --git a/_tests/scripts/bats/test_edit_acme_dns_accounts.sh b/_tests/scripts/bats/test_edit_acme_dns_accounts.sh
--- a/_tests/scripts/bats/test_edit_acme_dns_accounts.sh
+++ b/_tests/scripts/bats/test_edit_acme_dns_accounts.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bats
 
-SCRIPT="../roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py"
+SCRIPT="../roles/core/certificates/files/edit-acme-dns-accounts.py"
 
 #   -------------------------------------------------------------
 #   Arguments parsing
diff --git a/_tests/scripts/python/test_edit_acme_dns_accounts.py b/_tests/scripts/python/test_edit_acme_dns_accounts.py
--- a/_tests/scripts/python/test_edit_acme_dns_accounts.py
+++ b/_tests/scripts/python/test_edit_acme_dns_accounts.py
@@ -7,7 +7,7 @@
 
 os.environ["ACME_ACCOUNTS"] = "/path/to/acmedns.json"
 
-path = "roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py"
+path = "roles/core/certificates/files/edit-acme-dns-accounts.py"
 script = SourceFileLoader("script", "../" + path).load_module()
 
 
diff --git a/pillar/certificates/certificates.sls b/pillar/certificates/certificates.sls
deleted file mode 100644
--- a/pillar/certificates/certificates.sls
+++ /dev/null
@@ -1,15 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Let's encrypt certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2017-04-27
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-#   -------------------------------------------------------------
-#   Certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-certificates_letsencrypt:
-  eglide:
-    - www.eglide.org
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -11,7 +11,6 @@
     - core.users
     - core.groups
     - core.network
-    - certificates.certificates
     - nodes.nodes
     - nodes.forests
     - hotfixes.roles
diff --git a/roles/core/certificates/files/730.letsencrypt b/roles/core/certificates/files/730.letsencrypt
new file mode 100755
--- /dev/null
+++ b/roles/core/certificates/files/730.letsencrypt
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#   -------------------------------------------------------------
+#   Fetch ports
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   Author :        FreeBSD contributors
+#   License:        BSD-2-Clause
+#   Source file:    roles/core/certificates/files/730.letsencrypt
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+#   -------------------------------------------------------------
+
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_letsencrypt_enable" in
+    [Yy][Ee][Ss])
+	echo ""
+	echo "Running Let's Encrypt renewal:"
+
+	letsencrypt-renewal && rc=0 || rc=3;;
+
+    *)  rc=0;;
+esac
+
+exit $rc
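Review bot: `letsencrypt-renewal` on the renewal line is resolved through PATH, in a script that periodic normally runs as root. Calling the path the Salt state installs, `/usr/local/sbin/letsencrypt-renewal && rc=0 || rc=3;;`, removes the dependence on whatever PATH the periodic environment carries. The header title still reads "Fetch ports", which looks copied from another periodic script; `#   Let's Encrypt certificates renewal` would match what the file does.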
diff --git a/roles/paas-docker/letsencrypt/files/acme-dns-auth.py b/roles/core/certificates/files/acme-dns-auth.py
rename from roles/paas-docker/letsencrypt/files/acme-dns-auth.py
rename to roles/core/certificates/files/acme-dns-auth.py
--- a/roles/paas-docker/letsencrypt/files/acme-dns-auth.py
+++ b/roles/core/certificates/files/acme-dns-auth.py
@@ -1,11 +1,11 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 #   -------------------------------------------------------------
 #   PaaS Docker
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Author:         Joona Hoikkala
 #   License:        MIT
-#   Source file:    roles/paas-docker/letsencrypt/files/acme-dns-auth.py
+#   Source file:    roles/core/certificates/files/acme-dns-auth.py
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
@@ -21,7 +21,7 @@
 import sys
 
 ACMEDNS_URL = "https://acme.nasqueron.org"
-STORAGE_PATH = "/etc/letsencrypt/acmedns.json"
+STORAGE_PATH = "/usr/local/etc/acmedns.json"
 ALLOW_FROM = []
 FORCE_REGISTER = False
 
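Review bot: `STORAGE_PATH` now points at `/usr/local/etc/acmedns.json`, a file that holds the acme-dns account credentials, and nothing in this commit manages its owner or mode or moves the file from its previous location. The code that writes the file is outside this hunk, so it should be confirmed that it is created readable by root only (0600). Hosts that already registered would start from an empty store at the new path unless the old file is migrated. The same default is changed in `get_acme_accounts_path()` in `edit-acme-dns-accounts.py`. Both hard-code `/usr/local/etc` while the state deploys the hook under `{{ dirs.etc }}`, so if `dirs.etc` is different on Linux nodes the credentials file ends up away from the rest of the configuration.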
diff --git a/roles/webserver-core/letsencrypt/files/check-letsencrypt-certificates.py b/roles/core/certificates/files/check-letsencrypt-certificates.py
rename from roles/webserver-core/letsencrypt/files/check-letsencrypt-certificates.py
rename to roles/core/certificates/files/check-letsencrypt-certificates.py
--- a/roles/webserver-core/letsencrypt/files/check-letsencrypt-certificates.py
+++ b/roles/core/certificates/files/check-letsencrypt-certificates.py
@@ -1,16 +1,14 @@
 #!/usr/bin/env python3
-# -*- coding: utf-8 -*-
 
 #   -------------------------------------------------------------
 #   Let's encrypt — Certificates web server configuration checker
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2016-06-05
 #   Description:    Check if /.well-known/acme-challenge works
 #                   for the mapping directory webserver for each
-#                   certificate to renew.
+#                   certificate to renew. HTTP only.
 #   License:        BSD-2-Clause
-#   Source file:    roles/webserver-core/letsencrypt/files/check-letsencrypt-certificates.py
+#   Source file:    roles/core/certificates/files/check-letsencrypt-certificates.py
 #   -------------------------------------------------------------
 
 #   -------------------------------------------------------------
@@ -30,6 +28,7 @@
 from urllib.error import HTTPError
 from urllib.request import urlopen
 
+
 #   -------------------------------------------------------------
 #   Configuration
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/roles/webserver-core/letsencrypt/files/cli.ini b/roles/core/certificates/files/cli.ini
rename from roles/webserver-core/letsencrypt/files/cli.ini
rename to roles/core/certificates/files/cli.ini
--- a/roles/webserver-core/letsencrypt/files/cli.ini
+++ b/roles/core/certificates/files/cli.ini
@@ -2,9 +2,8 @@
 #   Let's encrypt
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2017-04-27
 #   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/webserver-core/letsencrypt/files/cli.ini
+#   Source file:    roles/core/certificates/files/cli.ini
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
diff --git a/roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py b/roles/core/certificates/files/edit-acme-dns-accounts.py
rename from roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py
rename to roles/core/certificates/files/edit-acme-dns-accounts.py
--- a/roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py
+++ b/roles/core/certificates/files/edit-acme-dns-accounts.py
@@ -1,16 +1,21 @@
 #!/usr/bin/env python3
-# -*- coding: utf-8 -*-
 
 #   -------------------------------------------------------------
 #   Let's encrypt — ACME DNS server accounts editor
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2020-02-22
-#   Description:    Edit /srv/letsencrypt/etc/acmedns.json to import
-#                   credentials for a specific subdomain to verify.
+#   Description:    Edit acmedns.json to import credentials
+#                   for a specific subdomain to verify.
 #   License:        BSD-2-Clause
+#   Source file:    roles/core/certificates/files/edit-acme-dns-accounts.py
 #   -------------------------------------------------------------
-
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
 
 import json
 import os
@@ -21,7 +26,7 @@
     try:
         return os.environ["ACME_ACCOUNTS"]
     except KeyError:
-        return "/srv/letsencrypt/etc/acmedns.json"
+        return "/usr/local/etc/acmedns.json"
 
 
 ACME_ACCOUNTS_PATH = get_acme_accounts_path()
diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service b/roles/core/certificates/files/letsencrypt-renew.service
rename from roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
rename to roles/core/certificates/files/letsencrypt-renew.service
--- a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
+++ b/roles/core/certificates/files/letsencrypt-renew.service
@@ -2,9 +2,8 @@
 #   Let's encrypt
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2016-08-24
 #   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/webserver-core/letsencrypt/files/letsencrypt.service
+#   Source file:    roles/core/certificates/files/letsencrypt-renew.service
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
@@ -16,7 +15,11 @@
 
 [Unit]
 Description=Renew Let's encrypt certificates.
+Wants=letsencrypt-renew.timer
 
 [Service]
 Type=oneshot
 ExecStart=/usr/local/sbin/letsencrypt-renewal
+
+[Install]
+WantedBy=multi-user.target
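Review bot: The added `[Install]` section with `WantedBy=multi-user.target`, together with the `service.enabled` state for `letsencrypt-renew` in the new `letsencrypt.sls`, makes this oneshot run `letsencrypt-renewal` at every boot, and the unit has no ordering on the network being up. For a timer-activated job the usual layout is to enable only `letsencrypt-renew.timer` and leave the service without an `[Install]` section. `Wants=letsencrypt-renew.timer` is then not needed either, since the timer activates the service and not the other way round. If the boot-time run is intended, I would add `After=network-online.target` and `Wants=network-online.target` and say so in a comment.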
diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer b/roles/core/certificates/files/letsencrypt-renew.timer
rename from roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer
rename to roles/core/certificates/files/letsencrypt-renew.timer
--- a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer
+++ b/roles/core/certificates/files/letsencrypt-renew.timer
@@ -2,9 +2,8 @@
 #   Let's encrypt
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2016-08-24
 #   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/webserver-core/letsencrypt/files/letsencrypt.timer
+#   Source file:    roles/core/certificates/files/letsencrypt-renew.timer
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
@@ -15,10 +14,10 @@
 #   </auto-generated>
 
 [Unit]
-Description=Runs letsencrypt-renewal every month
+Description=Check and renew Let's Encrypt certificates
 
 [Timer]
-OnCalendar=*-*-26 12:15:00
+OnCalendar=*-*-* 12:15:00
 Persistent=yes
 
 [Install]
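Review bot: `OnCalendar=*-*-* 12:15:00` fires on every host at the same second now that the check is daily. Adding a line such as `RandomizedDelaySec=1h` under `[Timer]` (the value is an example) spreads the requests the hosts send to the ACME endpoints. The `[Install]` section continues outside the hunk.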
diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service b/roles/core/certificates/files/letsencrypt-renewal-without-nginx.sh
rename from roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
rename to roles/core/certificates/files/letsencrypt-renewal-without-nginx.sh
--- a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
+++ b/roles/core/certificates/files/letsencrypt-renewal-without-nginx.sh
@@ -1,10 +1,11 @@
+#!/bin/sh
+
 #   -------------------------------------------------------------
 #   Let's encrypt
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2016-08-24
 #   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/webserver-core/letsencrypt/files/letsencrypt.service
+#   Source file:    roles/core/certificates/files/letsencrypt-renewal-without-nginx.sh
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
@@ -14,9 +15,4 @@
 #       and will be lost if the state is redeployed.
 #   </auto-generated>
 
-[Unit]
-Description=Renew Let's encrypt certificates.
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/sbin/letsencrypt-renewal
+certbot renew
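Review bot: `certbot renew` is the whole script, so on nodes without nginx nothing reloads the daemons that serve the renewed certificates, and no comment says when this variant is deployed. I would add a header comment such as `#   Variant of letsencrypt-renewal.sh for nodes where node.has_nginx is false`. If a service on those nodes reads the certificates, reloading it from a certbot deploy hook would keep it from serving an expired certificate after a successful renewal. Which services those are is not visible in this commit.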
diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh b/roles/core/certificates/files/letsencrypt-renewal.sh
old mode 100755
new mode 100644
rename from roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh
rename to roles/core/certificates/files/letsencrypt-renewal.sh
--- a/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh
+++ b/roles/core/certificates/files/letsencrypt-renewal.sh
@@ -4,9 +4,8 @@
 #   Let's encrypt
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
-#   Created:        2016-08-24
 #   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh
+#   Source file:    roles/core/certificates/files/letsencrypt-renewal.sh
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
@@ -27,5 +26,4 @@
 	fi;
 }
 
-
-certbot renew && nginx_test && service nginx restart
+certbot renew && nginx_test && nginx -s reload
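Review bot: In `certbot renew && nginx_test && nginx -s reload`, a non-zero exit from `certbot renew` skips the reload, so when one certificate fails to renew nginx keeps serving the old files for the ones that did renew. With the schedule now daily, the line also reloads nginx every day when nothing was renewed. Moving the reload into a deploy hook, `certbot renew --deploy-hook "nginx -t && nginx -s reload"`, would run it only after a certificate was actually renewed. `nginx_test` is defined above the hunk, so whether `nginx -t` is an exact substitute for it needs checking.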
diff --git a/roles/core/certificates/init.sls b/roles/core/certificates/init.sls
--- a/roles/core/certificates/init.sls
+++ b/roles/core/certificates/init.sls
@@ -7,3 +7,4 @@
 
 include:
   - .nasqueron
+  - .letsencrypt
diff --git a/roles/core/certificates/letsencrypt.sls b/roles/core/certificates/letsencrypt.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/certificates/letsencrypt.sls
@@ -0,0 +1,97 @@
+#   -------------------------------------------------------------
+#   Salt - Deploy certificates
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+{% set has_nginx = salt['node']['has_nginx']() %}
+
+#   -------------------------------------------------------------
+#   Software
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+letsencrypt_software:
+  pkg.installed:
+    - name: {{ packages.certbot }}
+
+#   -------------------------------------------------------------
+#   Working directory and configuration
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/letsencrypt-auto:
+  file.directory:
+    - user: root
+    - dir_mode: 711
+
+{{ dirs.etc }}/letsencrypt/cli.ini:
+  file.managed:
+    - source: salt://roles/core/certificates/files/cli.ini
+    - makedirs: True
+
+#   -------------------------------------------------------------
+#   Extra utilities
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.bin }}/check-letsencrypt-certificates:
+  file.managed:
+    - source: salt://roles/core/certificates/files/check-letsencrypt-certificates.py
+    - mode: 755
+
+{{ dirs.etc }}/letsencrypt/acme-dns-auth:
+  file.managed:
+    - source: salt://roles/core/certificates/files/acme-dns-auth.py
+    - mode: 755
+    - makedirs: True
+
+{{ dirs.bin }}/edit-acme-dns-accounts:
+  file.managed:
+    - source: salt://roles/core/certificates/files/edit-acme-dns-accounts.py
+    - mode: 755
+
+#   -------------------------------------------------------------
+#   Check and renew certificates daily
+#
+#   FreeBSD ... periodic
+#   Linux ..... systemd timer
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if has_nginx %}
+{% set renewal_script = "letsencrypt-renewal.sh" %}
+{% else %}
+{% set renewal_script = "letsencrypt-renewal-without-nginx.sh" %}
+{% endif %}
+
+/usr/local/sbin/letsencrypt-renewal:
+  file.managed:
+    - source: salt://roles/core/certificates/files/{{ renewal_script }}
+    - mode: 755
+
+{% if grains["os_family"] == "FreeBSD" %}
+
+/etc/periodic/daily/730.letsencrypt:
+  file.managed:
+    - source: salt://roles/core/certificates/files/730.letsencrypt
+
+{% elif services["manager"] == "systemd" %}
+
+/etc/systemd/system/letsencrypt-renew.timer:
+  file.managed:
+    - source: salt://roles/core/certificates/files/letsencrypt-renew.timer
+
+/etc/systemd/system/letsencrypt-renew.service:
+  file.managed:
+    - source: salt://roles/core/certificates/files/letsencrypt-renew.service
+
+letsencrypt_renew_enable:
+  service.enabled:
+    - name: letsencrypt-renew
+
+letsencrypt_renew_timer_start:
+  service.running:
+    - name: letsencrypt-renew.timer
+    - enable: True
+
+{% endif %}
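Review bot: The `map.jinja` import brings in only `dirs`, but the file also uses `packages.certbot` and `services["manager"]`, so rendering should fail on an undefined variable; the line should read `{% from "map.jinja" import dirs, packages, services with context %}`. The `/etc/periodic/daily/730.letsencrypt` state sets no mode, and periodic skips scripts that are not executable, so it likely needs `- mode: 755` like the other scripts in this file. `salt['node']['has_nginx']()` differs from the `salt['node.has'](...)` form used elsewhere in this commit, and I would write `salt['node.has_nginx']()`. The deleted `service.sls` reloaded systemd when the unit file changed and the new unit states do not, so an updated unit may not take effect until a daemon-reload.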
diff --git a/roles/core/rc/files/periodic.conf b/roles/core/rc/files/periodic.conf
--- a/roles/core/rc/files/periodic.conf
+++ b/roles/core/rc/files/periodic.conf
@@ -3,9 +3,11 @@
 
 # 480.status-ntpd
 daily_status_ntpd_enable="YES"
+
+# 730.letsencrypt
+daily_letsencrypt_enable="YES"
+
 {% if use_zfs %}
 # 800.scrub-zfs
 daily_scrub_zfs_enable="YES"
 {% endif %}
-# 500.certbot
-weekly_certbot_enable="YES"
diff --git a/roles/paas-docker/init.sls b/roles/paas-docker/init.sls
--- a/roles/paas-docker/init.sls
+++ b/roles/paas-docker/init.sls
@@ -18,7 +18,6 @@
   - .wwwroot-content
   - .nginx
   - .monitoring
-  - .letsencrypt
   - .wrappers
 {% if salt['node.has']('flags:install_docker_devel_tools') %}
   - .devel
diff --git a/roles/paas-docker/letsencrypt/init.sls b/roles/paas-docker/letsencrypt/init.sls
deleted file mode 100644
--- a/roles/paas-docker/letsencrypt/init.sls
+++ /dev/null
@@ -1,56 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Provision Docker engine
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2018-03-16
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-
-#   -------------------------------------------------------------
-#   See also
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-# Wrapper script
-#   - wrappers/init.sls
-#   - wrappers/files/certbot.sh
-#
-# Image
-#   - /pillar/paas/docker.sls
-#
-# Nginx configuration
-#   - nginx/files/includes/letsencrypt
-
-#   -------------------------------------------------------------
-#   Data directory
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-/srv/letsencrypt:
-  file.directory
-
-{% if has_selinux %}
-selinux_context_letsencrypt_home:
-  selinux.fcontext_policy_present:
-    - name: /srv/letsencrypt
-    - sel_type: container_file_t
-
-selinux_context_letsencrypt_home_applied:
-  selinux.fcontext_policy_applied:
-    - name: /srv/letsencrypt
-{% endif %}
-
-#   -------------------------------------------------------------
-#   Plug-ins
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-/srv/letsencrypt/etc/acme-dns-auth:
-  file.managed:
-    - source: salt://roles/paas-docker/letsencrypt/files/acme-dns-auth.py
-    - mode: 755
-    - makedirs: True
-
-/usr/local/bin/edit-acme-dns-accounts:
-  file.managed:
-    - source: salt://roles/paas-docker/letsencrypt/files/edit-acme-dns-accounts.py
-    - mode: 755
diff --git a/roles/paas-docker/wrappers/files/certbot.sh b/roles/paas-docker/wrappers/files/certbot.sh
deleted file mode 100755
--- a/roles/paas-docker/wrappers/files/certbot.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-#   -------------------------------------------------------------
-#   PaaS Docker
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2018-03-15
-#   License:        Trivial work, not eligible to copyright
-#   Source file:    roles/paas-docker/wrappers/files/certbot.sh
-#   -------------------------------------------------------------
-#
-#   <auto-generated>
-#       This file is managed by our rOPS SaltStack repository.
-#
-#       Changes to this file may cause incorrect behavior
-#       and will be lost if the state is redeployed.
-#   </auto-generated>
-
-if [ "$1" = "acme-dns-certonly" ]; then
-	COMMAND=certonly
-	EXTRA_ARGS="--manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth --preferred-challenges dns --debug-challenge"
-else
-	COMMAND=$1
-fi
-shift
-
-docker run -it --rm \
-	-v /srv/letsencrypt/etc:/etc/letsencrypt \
-	-v /srv/letsencrypt/var:/var/lib/letsencrypt \
-	-v /srv/letsencrypt/log:/var/log/letsencrypt \
-	-v /srv/letsencrypt/www:/www \
-	certbot/certbot:latest "$COMMAND" $@ $EXTRA_ARGS
diff --git a/roles/paas-docker/wrappers/init.sls b/roles/paas-docker/wrappers/init.sls
--- a/roles/paas-docker/wrappers/init.sls
+++ b/roles/paas-docker/wrappers/init.sls
@@ -12,7 +12,7 @@
 #   Wrapper binaries
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
-{% for command in ['certbot', 'jenkins', 'phpbb', 'mysql', 'openfire', 'geoipupdate'] %}
+{% for command in ['jenkins', 'phpbb', 'mysql', 'openfire', 'geoipupdate'] %}
 {{ dirs.bin }}/{{ command }}:
   file.managed:
     - source: salt://roles/paas-docker/wrappers/files/{{ command }}.sh
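Review bot: Dropping `'certbot'` from the loop stops managing `{{ dirs.bin }}/certbot` but does not remove it, so hosts that are already provisioned keep the Docker wrapper. If that directory comes before the packaged certbot in PATH, the `certbot renew` in the new renewal scripts would call the wrapper, which runs `docker run -it` against `/srv/letsencrypt` and not the host's certbot. I would add a `file.absent` state for `{{ dirs.bin }}/certbot` next to the loop. The loop body continues outside the hunk.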
diff --git a/roles/webserver-core/init.sls b/roles/webserver-core/init.sls
--- a/roles/webserver-core/init.sls
+++ b/roles/webserver-core/init.sls
@@ -9,6 +9,3 @@
 include:
   - .nginx
   - .tools
-  {% if 'paas-docker' not in salt['node.get_list']('roles') %}
-  - .letsencrypt
-  {% endif %}
diff --git a/roles/webserver-core/letsencrypt/certificates.sls b/roles/webserver-core/letsencrypt/certificates.sls
deleted file mode 100644
--- a/roles/webserver-core/letsencrypt/certificates.sls
+++ /dev/null
@@ -1,20 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Let's encrypt certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2017-04-27
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-{% from "map.jinja" import dirs with context %}
-
-#   -------------------------------------------------------------
-#   Certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% for domain in salt['pillar.get']("certificates_letsencrypt:" + grains['id'], []) %}
-certificate_{{ domain }}:
-  cmd.run:
-    - name: certbot certonly -d {{ domain }}
-    - creates: {{ dirs.etc }}/letsencrypt/live/{{ domain }}/fullchain.pem
-{% endfor %}
diff --git a/roles/webserver-core/letsencrypt/init.sls b/roles/webserver-core/letsencrypt/init.sls
deleted file mode 100644
--- a/roles/webserver-core/letsencrypt/init.sls
+++ /dev/null
@@ -1,12 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Let's encrypt certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2017-04-27
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-include:
-  - .software
-  - .service
-  - .certificates
diff --git a/roles/webserver-core/letsencrypt/service.sls b/roles/webserver-core/letsencrypt/service.sls
deleted file mode 100644
--- a/roles/webserver-core/letsencrypt/service.sls
+++ /dev/null
@@ -1,44 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Let's encrypt certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2017-04-27
-#   Description:    Provide a renewal service
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-{% from "map.jinja" import services with context %}
-
-#   -------------------------------------------------------------
-#   Renew script
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-/usr/local/sbin/letsencrypt-renewal:
-  file.managed:
-    - source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh
-    - mode: 755
-
-#   -------------------------------------------------------------
-#   Unit configuration
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% if services['manager'] == 'systemd' %}
-
-letsencrypt_renew_unit:
-  file.managed:
-    - name: /etc/systemd/system/letsencrypt-renew.service
-    - source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
-    - mode: 644
-  module.run:
-    - service.force_reload:
-      - name: letsencrypt-renew
-    - onchanges:
-       - file: letsencrypt_renew_unit
-
-letsencrypt_renew_enable:
-  service.enabled:
-    - name: letsencrypt-renew
-    - watch:
-      - module: letsencrypt_renew_unit
-
-{% endif %}
diff --git a/roles/webserver-core/letsencrypt/software.sls b/roles/webserver-core/letsencrypt/software.sls
deleted file mode 100644
--- a/roles/webserver-core/letsencrypt/software.sls
+++ /dev/null
@@ -1,44 +0,0 @@
-#   -------------------------------------------------------------
-#   Salt — Let's encrypt certificates
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-#   Project:        Nasqueron
-#   Created:        2017-04-27
-#   License:        Trivial work, not eligible to copyright
-#   -------------------------------------------------------------
-
-{% from "map.jinja" import dirs, packages with context %}
-
-#   -------------------------------------------------------------
-#   Software
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-letsencrypt_software:
-  pkg.installed:
-    - name: {{ packages.certbot }}
-
-#   -------------------------------------------------------------
-#   Working directory
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-/var/letsencrypt-auto:
-  file.directory:
-    - user: root
-    - dir_mode: 711
-
-#   -------------------------------------------------------------
-#   Configuration file
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{{ dirs.etc }}/letsencrypt/cli.ini:
-  file.managed:
-    - source: salt://roles/webserver-core/letsencrypt/files/cli.ini
-    - makedirs: True
-
-#   -------------------------------------------------------------
-#   Extra utilities
-#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{{ dirs.bin }}/check-letsencrypt-certificates:
-  file.managed:
-    - source: salt://roles/webserver-core/letsencrypt/files/check-letsencrypt-certificates.py
-    - mode: 755