diff --git a/zulip/defaults/main.yml b/zulip/defaults/main.yml
index fd8cfbd9..420f607d 100644
--- a/zulip/defaults/main.yml
+++ b/zulip/defaults/main.yml
@@ -5,3 +5,5 @@
 zulip_distrib_file: zulip-server-latest.tar.gz
 zulip_ssl_cert_file: /etc/ssl/certs/zulip.combined-chain.crt
 zulip_ssl_key_file: /etc/ssl/private/zulip.key
+zulip_letsencrypt_managed: True
+
diff --git a/zulip/files/nginx-letsencrypt-acme.sh b/zulip/files/nginx-letsencrypt-acme.sh
new file mode 100644
index 00000000..d18314b3
--- /dev/null
+++ b/zulip/files/nginx-letsencrypt-acme.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
+LE_LOG_DIR=/var/log/letsencrypt
+DATE=$( date )
+
+[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
+echo "$DATE" >> $LE_LOG_DIR/nginx.log
+
+if [ -f /etc/default/letsencrypt ] ; then
+ . /etc/default/letsencrypt
+else
+ echo "No letsencrypt default file" >> $LE_LOG_DIR/nginx.log
+fi
+
+echo "Reload the nginx service" >> $LE_LOG_DIR/nginx.log
+if [ -x /bin/systemctl ] ; then
+ systemctl reload nginx >> $LE_LOG_DIR/nginx.log 2>&1
+else
+ service nginx reload >> $LE_LOG_DIR/nginx.log 2>&1
+fi
+
+echo "Done." >> $LE_LOG_DIR/nginx.log
+
+exit 0
diff --git a/zulip/tasks/main.yml b/zulip/tasks/main.yml
index cc64fff0..f86e4f04 100644
--- a/zulip/tasks/main.yml
+++ b/zulip/tasks/main.yml
@@ -1,16 +1,3 @@
 ---
-- block:
- - name: Unpack the zulip distribution
- unarchive: src={{ zulip_download_url }} dest=/srv remote_src=yes
-
- - name: Setup a link for the ssl certificate file
- file: src={{ letsencrypt_acme_certs_dir }}/fullchain dest={{ zulip_ssl_cert_file }} state=link
- when: letsencrypt_acme_install
-
- - name: Setup a link for the ssl key file
- file: src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ zulip_ssl_key_file }} state=link
- when: letsencrypt_acme_install
-
- when: zulip_install
- tags: [ 'zulip' ]
-
+- import_tasks: zulip.yml
+- import_tasks: zulip-letsencrypt.yml
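Review bot: nginx-letsencrypt-acme.sh ends with an unconditional `exit 0`, so a failed nginx reload is only written to the log and whatever runs the hook never learns that the renewed certificate was not picked up. Keep the reload status and return it: start with `rc=0`, append `|| rc=$?` to the `systemctl reload nginx …` and `service nginx reload …` lines, and finish with `exit $rc`. The script also sources `/etc/default/letsencrypt` while it presumably runs as root, so that file has to be root-owned and not writable by anyone else; nothing in this hunk ensures that. Quoting `"$LE_LOG_DIR"` and using `mkdir -p` would make the log setup more robust as well.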
diff --git a/zulip/tasks/zulip-letsencrypt.yml b/zulip/tasks/zulip-letsencrypt.yml
new file mode 100644
index 00000000..6f54a9b1
--- /dev/null
+++ b/zulip/tasks/zulip-letsencrypt.yml
@@ -0,0 +1,28 @@
+---
+- block:
+ - name: Setup a link for the ssl certificate file
+ file: src={{ letsencrypt_acme_certs_dir }}/fullchain dest={{ zulip_ssl_cert_file }} state=link
+ when: letsencrypt_acme_install
+
+ - name: Setup a link for the ssl key file
+ file: src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ zulip_ssl_key_file }} state=link
+ when: letsencrypt_acme_install
+
+ - name: Create the acme hooks directory if it does not yet exist
+ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+
+ - name: Install a letsencrypt hook for nginx
+ copy: src=nginx-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/nginx owner=root group=root mode=4555
+
+ when:
+ - letsencrypt_acme_install is defined and letsencrypt_acme_install
+ - zulip_letsencrypt_managed
+ tags: [ 'zulip', 'letsencrypt' ]
+
+- block:
+ - name: Remove the letsencrypt hook for nginx
+ file: path={{ letsencrypt_acme_services_scripts_dir }}/nginx state=absent
+
+ when: not zulip_letsencrypt_managed
+ tags: [ 'zulip', 'letsencrypt' ]
+
diff --git a/zulip/tasks/zulip.yml b/zulip/tasks/zulip.yml
new file mode 100644
index 00000000..9ea944fc
--- /dev/null
+++ b/zulip/tasks/zulip.yml
@@ -0,0 +1,7 @@
+---
+- block:
+ - name: Unpack the zulip distribution
+ unarchive: src={{ zulip_download_url }} dest=/srv remote_src=yes
+
+ when: zulip_install
+ tags: [ 'zulip' ]
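Review bot: In zulip-letsencrypt.yml the nginx hook is installed with `mode=4555`, which sets the setuid bit on a root-owned, world-executable shell script. Linux ignores setuid on interpreted scripts, so the bit gains nothing here, but it will show up in setuid audits and becomes a real privilege boundary if the file is ever replaced by a binary or deployed where the bit is honoured; `mode=0555` (or `mode=0755`) is all the hook needs. Separately, the two certificate link tasks used to sit under `when: zulip_install` in tasks/main.yml and this block no longer checks that variable. The removal block also uses `letsencrypt_acme_services_scripts_dir` with no `is defined` guard, unlike the first block's `letsencrypt_acme_install is defined`, so it presumably fails on hosts where the letsencrypt role's variables are not loaded.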
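Review bot: In zulip.yml the `unarchive` task fetches `{{ zulip_download_url }}` and unpacks it straight into /srv with no integrity check, so whatever the URL serves at run time is what gets installed. Downloading with `get_url` and a pinned `checksum` before unpacking closes that gap; it needs a versioned tarball rather than the `zulip-server-latest.tar.gz` default, since a moving file cannot be pinned. The checksum variable in the sketch below is a placeholder that would have to be added to the role defaults. The task is moved here unchanged from tasks/main.yml, so this is pre-existing behaviour rather than something this commit introduces.

```yaml
- block:
    - name: Download the zulip distribution
      get_url:
        url: "{{ zulip_download_url }}"
        dest: "/srv/{{ zulip_distrib_file }}"
        # placeholder variable, to be defined in defaults/main.yml
        checksum: "sha256:{{ zulip_distrib_sha256 }}"

    - name: Unpack the zulip distribution
      unarchive:
        src: "/srv/{{ zulip_distrib_file }}"
        dest: /srv
        remote_src: true
  # … unchanged: when / tags …
```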