diff --git a/roles/SSL/files/certbot.service b/roles/SSL/files/certbot.service
deleted file mode 100755
index f3a6f89..0000000
--- a/roles/SSL/files/certbot.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Certbot
-
-[Service]
-ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
-ExecStartPost=-/usr/bin/systemctl reload nginx
-ExecStartPost=-/usr/bin/systemctl reload inspircd
-KillMode=process
-Type=oneshot
-RemainAfterExit=no
-User=root
-Group=root
diff --git a/roles/SSL/tasks/main.yml b/roles/SSL/tasks/main.yml
index 3a5fd5f..9258267 100644
--- a/roles/SSL/tasks/main.yml
+++ b/roles/SSL/tasks/main.yml
@@ -7,26 +7,51 @@ - certbot - openssl - - name: LetsEncrypt directory + - name: LetsEncrypt directories become: yes file: - path: /etc/letsencrypt + path: "{{ item }}" owner: root group: ssl mode: 0750 + loop: + - /etc/letsencrypt + - /etc/certbot - - name: Services + - name: Service timer become: yes register: services copy: - src: "{{ item }}" - dest: /usr/lib/systemd/system + src: "certbot.timer" + dest: /usr/lib/systemd/system/certbot.timer owner: root group: root mode: 0644 - loop: - - "certbot.service" - - "certbot.timer" + + # per https://www.cloudns.net/wiki/article/448/ + - name: ClouDNS configuration + become: yes + template: + src: "certbot.conf.j2" + dest: /etc/certbot/certbot.conf + owner: root + group: root + mode: 0600 + + - name: Create virtual environment and install package + become: yes + command: + cmd: "python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns" + creates: /etc/certbot/venv + + - name: Service + become: yes + template: + src: "certbot.service.j2" + dest: /usr/lib/systemd/system/certbot.service + owner: root + group: root + mode: 0600 - name: Enable timer when: services.changed
diff --git a/roles/SSL/templates/certbot.conf.j2 b/roles/SSL/templates/certbot.conf.j2
new file mode 100644
index 0000000..ccf6b86
--- /dev/null
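Review bot: The `Create virtual environment and install package` task will not install the plugin as written, because the `command` module does not go through a shell: `&&` and everything after it are handed to `python3 -m venv` as additional positional arguments, which venv treats as further environment directories to create. Because `creates: /etc/certbot/venv` then marks the task complete on the next run, the venv is likely left without certbot-dns-cloudns, and the `certbot renew --authenticator dns-cloudns` invocation in the new service unit would presumably fail with an unknown authenticator. The `pip` module does both steps idempotently and lets the plugin be pinned to a reviewed version rather than resolving to whatever PyPI serves at provision time. Separately, only the timer copy is `register: services`, so a change to certbot.service alone no longer triggers `Enable timer` (`when: services.changed`, whose task continues outside the hunk); registering the `Service` template task too, or notifying a `daemon_reload` handler, would cover that case.
```yaml
  - name: Create virtual environment and install package
    become: yes
    pip:
      # pin to a reviewed release, e.g. "certbot-dns-cloudns==<VERSION>" (placeholder)
      name: certbot-dns-cloudns
      virtualenv: /etc/certbot/venv
      virtualenv_command: python3 -m venv
```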
+++ b/roles/SSL/templates/certbot.conf.j2
@@ -0,0 +1,2 @@
+dns_cloudns_auth_id={{ secrets.certbot.authid }}
+dns_cloudns_auth_password={{ secrets.certbot.passphrase }}
diff --git a/roles/SSL/templates/certbot.service.j2 b/roles/SSL/templates/certbot.service.j2
new file mode 100755
index 0000000..2cf0813
--- /dev/null
+++ b/roles/SSL/templates/certbot.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Certbot
+
+[Service]
+ExecStart=/bin/bash -c "source /etc/certbot/venv/bin/activate; certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver {{ secrets.certbot.nameserver }}"
+ExecStartPost=-/usr/bin/systemctl reload nginx
+ExecStartPost=-/usr/bin/systemctl reload inspircd
+KillMode=process
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root
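Review bot: This template renders the ClouDNS auth id and password in plaintext, and the `ClouDNS configuration` task that writes it (roles/SSL/tasks/main.yml, same commit) sets `mode: 0600` but not `no_log: true`, so the rendered password appears in controller output under `--diff` or verbose runs and in any log capture of the play. Adding `no_log: true` to that task keeps the file content out of run output while leaving the on-disk permissions as they are. Both values are substituted unquoted; if `passphrase` can contain leading/trailing whitespace or a `#`, how the plugin's credentials parser reads the line should be confirmed before relying on it.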
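Review bot: `ExecStart` wraps the command in `/bin/bash -c` only to `source` the venv's activate script, which is unnecessary: calling the venv's entry point directly gives the same interpreter and site-packages without the shell layer, and it also avoids word-splitting of the unquoted `{{ secrets.certbot.nameserver }}` inside the shell string. Suggested line: `ExecStart=/etc/certbot/venv/bin/certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver "{{ secrets.certbot.nameserver }}"`. With activate sourced, `certbot` resolves to whatever is first on PATH, so if the venv ends up without its own certbot binary the apt-installed certbot (which has no dns-cloudns plugin) runs instead — the direct path makes that failure mode impossible. The deleted roles/SSL/files/certbot.service also passed `--preferred-chain "ISRG Root X1"`; dropping it may be intended, but if not, it belongs on this line as well.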