diff --git a/README.md b/README.md index 9b394ac..34580ae 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ |Repo Name| version | Build Status| |---|---|---|---| -|`cd_nagios`| 0.0.0.7 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_nagios)](https://jenkins.confdroid.com/job/cd_nagios/)| +|`cd_nagios`| 0.0.0.8 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_nagios)](https://jenkins.confdroid.com/job/cd_nagios/)| ### Synopsis Nagios is a powerful open source software solution for monitoring your IT environments. @@ -62,6 +62,7 @@ All dependencies must be included in the catalogue. * [cd_apache](https://gitlab.puppetsoft.com/12WW1160/cd_apache) for installing httpd * [cd_firewall](https://gitlab.puppetsoft.com/12WW1160/cd_firewall) or [puppetlabs firewall](https://github.com/puppetlabs/puppetlabs-firewall) (optional) * [cd_selinux](https://gitlab.puppetsoft.com/12WW1160/cd_selinux) for selinux policy adjustments +* [cd_certbot](https://gitlab.puppetsoft.com/12WW1160/cd_certbot) to auto-manage TLS certificates (optional) ### Deployment diff --git a/manifests/certbot/config.pp b/manifests/certbot/config.pp new file mode 100644 index 0000000..3f0c635 --- /dev/null +++ b/manifests/certbot/config.pp 
@@ -0,0 +1,56 @@
+## cd_nagios::certbot::config.pp
+# Module name: cd_nagios
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nagios.
+#
+# cd_nagios is used for providing automatic configuration of Nagios
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary Class manages all configuration files required for cd_nagios.
+##############################################################################
+class cd_nagios::certbot::config (
+
+) inherits cd_nagios::params {
+
+ if $::fqdn == $ng_nagios_server {
+ if $ng_enable_certbot == true {
+
+ require cd_certbot
+
+ # create cert
+
+ exec { 'create_cert':
+ command => template('cd_nagios/certbot/get_cert.erb'),
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ unless => template('cd_nagios/certbot/unless_get_cert.erb'),
+ notify => Service['httpd'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ # renew certs
+
+ exec { 'renew_cert':
+ command => 'certbot renew',
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin','/opt/'],
+ provider => 'shell',
+ notify => Service['httpd'],
+ unless => template('cd_nagios/certbot/unless_renew_cert.erb'),
+ }
+ }
+ }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index bc7b483..8902987 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
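Review bot: `renew_cert` is guarded by `template('cd_nagios/certbot/unless_renew_cert.erb')`, but this commit only adds `get_cert.erb` and `unless_get_cert.erb` under templates/certbot/, so unless that third template already exists in the repository the catalog fails to compile on the nagios server. If the guard is missing or always fails, `certbot renew` runs and `notify => Service['httpd']` restarts httpd on every agent run. The `path` of `renew_cert` also lists `/opt/`, which makes a bare `certbot` resolve to `/opt/certbot` when such a file exists; if the tool lives under /opt, reference it by full path in `command` rather than widening the lookup path. Both execs run as root with `$ng_certbot_cert_path`, `$ng_nagios_server` and `$ng_mail_user` interpolated into shell commands by the templates, so this class should reject values that do not match an anchored allow-list pattern (`fail()` on mismatch) before the exec resources are declared.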
@@ -203,6 +203,12 @@ # @param [boolean] ng_disable_welcome Whether the regular welcome screen should # be disabled. this is required for the nagios http check on the nagios server # to be successful. +# @param [boolean] ng_enable_certbot Whether to use certbot for automated TLS +# certificate management +# @param [string] ng_certbot_cert_path the path for certbot to place +# challenges for teh certification process. +# @param [string] ng_mail_user email address to receive administrative mail. +# used for nagios itself as well as for certbot. ############################################################################### class cd_nagios::params ( @@ -210,6 +216,7 @@ $pkg_ensure = 'latest', $ng_nagios_server = "nagios.${::domain}", $ng_nagios_ext_ip = undef, +$ng_mail_user = "admin@${::domain}", $ng_include_nrpe = true, @@ -315,6 +322,10 @@ $ng_required_hosts = '', $ng_required_ips = '127.0.0.0/8', $ng_disable_welcome = true, +# certbot +$ng_enable_certbot = true, +$ng_certbot_cert_path = '/var/www/html', + ) { # installation section diff --git a/templates/certbot/get_cert.erb b/templates/certbot/get_cert.erb new file mode 100644 index 0000000..87f47d9 --- /dev/null +++ b/templates/certbot/get_cert.erb @@ -0,0 +1,2 @@ +certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d <%= @ng_nagios_server %> --email <%= @ng_mail_user %> +touch /etc/httpd/conf.d/.cert_created diff --git a/templates/certbot/unless_get_cert.erb b/templates/certbot/unless_get_cert.erb new file mode 100644 index 0000000..bc8ce29 --- /dev/null +++ b/templates/certbot/unless_get_cert.erb @@ -0,0 +1,4 @@ +#!/bin/bash +<% if @ng_enable_certbot == true %> +test -d /etc/letsencrypt/archive/<%= @ng_nagios_server %> +<% end %> diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb index bc30b1e..0f92a41 100644 --- a/templates/httpd/forward_conf.erb +++ b/templates/httpd/forward_conf.erb 
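Review bot: `$ng_enable_certbot = true` turns ACME issuance on by default for whichever node matches `$ng_nagios_server`, and `get_cert.erb` passes `--agree-tos` together with `--email <%= @ng_mail_user %>`, whose default here is the constructed `admin@${::domain}`, so a default deployment accepts the CA's terms and registers an address the operator never chose. Make it opt-in with `$ng_enable_certbot = false,` and document that `ng_mail_user` should be a monitored mailbox, since expiry and policy notices are sent there. The new `@param` text has a typo, `teh certification process` → `the certification process`, and it would help to state that `ng_certbot_cert_path` must be the DocumentRoot of the port-80 vhost (`forward_conf.erb` hardcodes `/var/www/html`) for webroot challenges to be served.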
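Review bot: The two lines of `get_cert.erb` run as a single `sh -c` script, so `touch /etc/httpd/conf.d/.cert_created` executes even when `certbot certonly` fails; since `create_cert` in config.pp uses `creates => '/etc/httpd/conf.d/.cert_created'`, the exec then appears to never retry, and its exit status is that of `touch`, so Puppet reports success without a certificate. Chain the commands so the marker only appears after a successful issuance: `certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d <%= @ng_nagios_server %> --email <%= @ng_mail_user %> && touch /etc/httpd/conf.d/.cert_created`. The three interpolated values are unquoted, so a value containing whitespace or shell metacharacters changes the command line; quote them (`-w '<%= @ng_certbot_cert_path %>/'` and likewise for the others) and validate them in params.pp.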
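Review bot: The `<% if @ng_enable_certbot == true %>` guard in `unless_get_cert.erb` is redundant, because config.pp declares `create_cert` only inside `if $ng_enable_certbot == true`, so the branch that renders an empty script (making `unless` trivially succeed) is unreachable. The `#!/bin/bash` line is just a comment here, since `provider => 'shell'` passes the string through the system `sh`, so bash-only syntax cannot be relied on. The check can reduce to the single line `test -d '/etc/letsencrypt/archive/<%= @ng_nagios_server %>'`, with the interpolated host name quoted because it is a class parameter rather than a literal.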
@@ -1,4 +1,4 @@ - +> ServerAdmin root@localhost DocumentRoot /var/www/html ServerName www.<%= @ng_nagios_server %> @@ -8,7 +8,7 @@ <% end -%> <% if @ng_use_https != true -%> Redirect permanent / http://<%= @ng_nagios_server %>/nagios -<% end %> +<% end -%> AllowOverride All
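Review bot: The port-80 vhost in this hunk still issues `Redirect permanent / http://<%= @ng_nagios_server %>/nagios` whenever `@ng_use_https != true`, which also captures `/.well-known/acme-challenge/` under the `DocumentRoot /var/www/html` that `ng_certbot_cert_path` defaults to; with `ng_enable_certbot` defaulting to true in params.pp, the webroot challenge from `get_cert.erb` cannot be answered on such a node. Either gate the certbot execs in config.pp on HTTPS being in use (`if $ng_enable_certbot == true and $ng_use_https == true {`) or exempt the challenge path from the redirect (a `RedirectMatch` whose pattern excludes `^/\.well-known/acme-challenge/`). The first hunk's replaced line is not legible in this view (only `- +>` survives), so the VirtualHost opening tag could not be reviewed; the second hunk's `<% end %>` → `<% end -%>` only trims a trailing newline.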