diff --git a/webserver/defaults/main.yml b/webserver/defaults/main.yml
index ef1263656ff217cee98f3bd7574301ea7c212e3a..2ec74606491693b63193bc8aae2ecc48c13cb9f7 100644
--- a/webserver/defaults/main.yml
+++ b/webserver/defaults/main.yml
@@ -2,3 +2,6 @@
 
 cipher_strength: modern
 nginx_pam_groups: []
+webserver_enable_acme_default: true
+webserver_enable_ipv6: true
+webserver_resolver: "{{ nameservers }}"
diff --git a/webserver/templates/nginx-proxy.conf b/webserver/templates/nginx-proxy.conf
index 1acae8fe042b1a81bb72b4e7b25c8ef13829da96..ed8aa03914b04e7cc53f0660395f35b415113e0e 100644
--- a/webserver/templates/nginx-proxy.conf
+++ b/webserver/templates/nginx-proxy.conf
@@ -38,7 +38,7 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    resolver {{nameservers|join(" ")}} ipv6={{ webserver_enable_ipv6 }};
+    resolver {{ webserver_resolver|join(" ") }} ipv6={{ webserver_enable_ipv6 }};
 
     ##
     # SSL Settings
@@ -90,4 +90,14 @@ http {
     include /etc/nginx/sites-available/tls-proxy;
     {% endif %}
 
+    {% if webserver_enable_acme_default %}
+    server {
+        listen 80;
+        server_name _;
+        include /etc/nginx/snippets/acmetool.conf;
+        location / {
+            deny all;
+        }
+    }
+    {% endif %}
 }
diff --git a/webserver/templates/nginx.conf b/webserver/templates/nginx.conf
index 4d68f49d5440d2a40a38b1c44c22b2657908e015..a0f4339ac2a099de8af2c5fb5c44233e8e968fec 100644
--- a/webserver/templates/nginx.conf
+++ b/webserver/templates/nginx.conf
@@ -31,7 +31,7 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    resolver {{nameservers|join(" ")}} ipv6={{ webserver_enable_ipv6 }};
+    resolver {{ webserver_resolver|join(" ") }} ipv6={{ webserver_enable_ipv6 }};
 
     ##
     # SSL Settings