diff --git a/web/tasks/install_acme_sh.yml b/web/tasks/install_acme_sh.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cbcb11cf76b49fb3caa75661761bd976712af881
--- /dev/null
+++ b/web/tasks/install_acme_sh.yml
@@ -0,0 +1,41 @@
+---
+# This just installs acme.sh for freifunk
+- name: Check if acme.sh config files exists
+  ansible.builtin.stat:
+    path: "/root/.acme.sh"
+    get_checksum: false
+  register: acme_config
+- name: Download acme.sh
+  ansible.builtin.get_url:
+    url: "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"
+    dest: "/opt/downloaded_acme.sh"
+    force: true
+    mode: '755'
+    owner: root
+    group: root
+  become: true
+  become_method: sudo
+  register: download_acme
+  when: acme_config.stat.exists == false
+- name: Install acme.sh
+  ansible.builtin.command:
+    cmd: "/bin/bash /opt/downloaded_acme.sh --install --nocron -m freifunk@c3l.lu"
+  become: true
+  become_method: sudo
+  when: download_acme.changed && acme_config.stat.exists == false
+- name: Update acme.sh if not newly installed
+  ansible.builtin.command:
+    cmd: "/bin/bash /root/.acme.sh/acme.sh --upgrade"
+  become: true
+  when: acme_config.stat.exists
+- name: Add cronjob for acme.sh
+  ansible.builtin.cron:
+    name: "reissue certs if necessary"
+    user: root
+    job: "/root/.acme.sh/acme.sh --cron --home \"/root/.acme.sh/\" > /dev/null"
+    state: "present"
+    minute: "0"
+    hour: "0"
+    day: "*"
+    month: "*"
+    weekday: "*"