diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 45d6749..df2e5ee 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -3,5 +3,17 @@
   apt:
     name:
       - nginx
+      - letsencrypt
+      - python3-certbot-nginx
     state: present
     update_cache: yes
+
+- name: create letsencrypt's challenge directory
+  file:
+    name: /var/www/letsencrypt
+    state: directory
+
+- name: generate letsencrypt's dhparams
+  shell: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
+  args:
+    creates: /etc/letsencrypt/ssl-dhparams.pem