diff --git a/roles/core/certificates/acmesh.sls b/roles/core/certificates/acmesh.sls
index 8091345..ca95d0d 100644
--- a/roles/core/certificates/acmesh.sls
+++ b/roles/core/certificates/acmesh.sls
@@ -1,29 +1,36 @@
 #   -------------------------------------------------------------
 #   Salt - Deploy acme.sh
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
+{% from "map.jinja" import dirs with context %}
+
 acme.sh:
   pkg.installed
 
 /var/certificates/general:
   file.directory:
     - user: acme
     - mode: 700
     - makedirs: True
 
 /usr/local/etc/newsyslog.conf.d/acme.sh.conf:
   file.managed:
     - source: salt://roles/core/certificates/files/syslog/acme.sh.conf
 
 acmesh_newsyslog_run:
   cmd.run:
     - name: newsyslog -NC
     - creates: /var/log/acme.sh.log
 
 /usr/local/etc/cron.d/acmesh:
   file.managed:
     - source: salt://roles/core/certificates/files/acmesh/acme.sh.cron
     - makedirs: True
+
+{{ dirs.bin }}/acmesh-nginxCheck:
+  file.managed:
+    - source: salt://roles/core/certificates/files/acmesh-nginxCheck.sh
+    - mode: 755
diff --git a/roles/core/certificates/files/acmesh-nginxCheck.sh b/roles/core/certificates/files/acmesh-nginxCheck.sh
new file mode 100644
index 0000000..3471179
--- /dev/null
+++ b/roles/core/certificates/files/acmesh-nginxCheck.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+#   -------------------------------------------------------------
+#   Let's encrypt
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   Source file:    roles/core/certificates/files/acmesh-nginxCheck.sh
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+
+nginx_test() {
+	nginx_output="$(nginx -t 2>&1)"
+	nginx_return_code="$?"
+
+	if [ "$nginx_return_code" -eq 0 ] && echo "${nginx_output}" | grep warn >&2; then
+		return 2;
+	else
+		return "$nginx_return_code";
+	fi;
+}
+
+nginx_test && nginx -s reload
diff --git a/roles/core/certificates/init.sls b/roles/core/certificates/init.sls
index 3aa87d7..7bc833e 100644
--- a/roles/core/certificates/init.sls
+++ b/roles/core/certificates/init.sls
@@ -1,10 +1,11 @@
 #   -------------------------------------------------------------
 #   Salt - Deploy certificates
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
 include:
+  - .acmesh
   - .nasqueron
   - .letsencrypt
diff --git a/roles/core/sudo/files/acme b/roles/core/sudo/files/acme
new file mode 100644
index 0000000..4a4d62a
--- /dev/null
+++ b/roles/core/sudo/files/acme
@@ -0,0 +1,16 @@
+#   -------------------------------------------------------------
+#   SaltStack deployment
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   Source file:    roles/core/sudo/files/acme
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+
+acme ALL= NOPASSWD: {{ dirs.bin }}/acmesh-nginxCheck
diff --git a/roles/core/sudo/init.sls b/roles/core/sudo/init.sls
index d180885..e49b260 100644
--- a/roles/core/sudo/init.sls
+++ b/roles/core/sudo/init.sls
@@ -1,29 +1,38 @@
 #   -------------------------------------------------------------
 #   Salt — sudo configuration
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   Created:        2017-10-19
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
 {% from "map.jinja" import dirs with context %}
 
 #   -------------------------------------------------------------
 #   Software
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {% if grains['os'] == 'FreeBSD' %}
 sudo:
   pkg.installed
 {% endif %}
 
 #   -------------------------------------------------------------
 #   Sudo capabilities
 #
 #   Ops should be able to sudo …
+#   Acmesh should be able to sudo acmesh-nginxCheck
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {{ dirs.etc }}/sudoers.d/ops:
   file.managed:
     - source: salt://roles/core/sudo/files/ops
     - makedirs: True
+
+{{ dirs.etc }}/sudoers.d/acme:
+  file.managed:
+    - source: salt://roles/core/sudo/files/acme
+    - template: jinja
+    - makedirs: True
+    - context:
+        dirs: {{ dirs }}