diff --git a/roles/gitea b/roles/gitea
index 0474dc8..1aa082a 160000
--- a/roles/gitea
+++ b/roles/gitea
@@ -1 +1 @@
-Subproject commit 0474dc8d0c7031f7fcb58484c9c6552b1b9869eb
+Subproject commit 1aa082a2101c69f8cfc13a31604991b0c3dfa8e5
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index faa88f2..8022aea 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -16,6 +16,20 @@
   args:
     creates: /var/lib/dehydrated/accounts
 
+- name: Install letsencrypt cronjob
+  template:
+    dest: "/etc/systemd/system/{{ item }}"
+    src: "{{ item }}"
+  with_items:
+  - dehydrated.service
+  - dehydrated.timer
+
+- name: Start lets encrypt cronjob
+  systemd:
+    name: dehydrated.timer
+    state: started
+    enabled: yes
+
 - name: nginx default config
   notify: reload nginx
   template:
@@ -27,3 +41,5 @@
   template:
     src: snippets-tls.nginx
     dest: /etc/nginx/snippets/tls-acme.conf
+
+
diff --git a/roles/nginx/templates/dehydrated.service b/roles/nginx/templates/dehydrated.service
new file mode 100644
index 0000000..d952396
--- /dev/null
+++ b/roles/nginx/templates/dehydrated.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Check and renew ACME TLS certificates
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/dehydrated -c
diff --git a/roles/nginx/templates/dehydrated.timer b/roles/nginx/templates/dehydrated.timer
new file mode 100644
index 0000000..5275b6f
--- /dev/null
+++ b/roles/nginx/templates/dehydrated.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Check and renew ACME TLS certificates
+
+[Timer]
+OnCalendar=daily UTC
+
+[Install]
+WantedBy=timers.target