diff --git a/roles/mumble/certificates/files/update-mumble-certificates b/roles/mumble/certificates/files/update-mumble-certificates
new file mode 100755
--- /dev/null
+++ b/roles/mumble/certificates/files/update-mumble-certificates
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Deploy Mumble certificate on Murmur
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2016-11-03
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+if [ -z "$JAIL_HOSTNAME" ]; then
+ JAIL_HOSTNAME=mumble.nasqueron.org
+fi
+
+if [ -z "$CERT_DIR" ]; then
+ CERT_DIR=/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME
+fi
+
+if [ -z "$JAIL_DIR" ]; then
+ JAIL_DIR=/usr/local/jails/$JAIL_HOSTNAME
+fi
+
+if [ -z "$JAIL_ID" ]; then
+ JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`
+fi
+
+cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt
+cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key
+
+# murmur has uid 338
+chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key
+chmod 400 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key
+
+jexec $JAIL_ID service murmur restart
diff --git a/roles/mumble/certificates/init.sls b/roles/mumble/certificates/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/mumble/certificates/init.sls
@@ -0,0 +1,13 @@
+# -------------------------------------------------------------
+# Salt — Deploy SSL certificate for Mumble server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2016-11-03
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+mumble_certificates_update_script:
+ file.managed:
+ - name: /usr/local/bin/update-mumble-certificates
+ - source: salt://roles/mumble/certificates/files/update-mumble-certificates
+