diff --git a/defaults/main.yaml b/defaults/main.yaml
index 38f3821..50346fd 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -3,3 +3,5 @@
 buildbot_db_name: buildbot
 buildbot_db_user: buildbot
 buildbot_db_pass: "{{ ansible_local.buildbot.database_password }}"
+
+buildbot_server_name: "{{ inventory_hostname }}"
diff --git a/handlers/main.yaml b/handlers/main.yaml
index e426141..1768188 100644
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -4,7 +4,7 @@
   systemd:
     daemon_reload: yes
 
-- name: reload buildbot service
+- name: restart buildbot service
   systemd:
-    state: reloaded
+    state: restarted
     name: buildbot@master.service
diff --git a/tasks/main.yaml b/tasks/main.yaml
index b6d51d1..6ab9fec 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -23,6 +23,11 @@
     name: buildbot_gitea
     executable: pip3
 
+- name: install service_identity
+  pip:
+    name: service_identity
+    executable: pip3
+
 - name: buildbot system group
   group:
     name: buildbot
@@ -65,7 +70,7 @@
   template:
     src: buildbot/master.cfg.j2
     dest: /var/lib/buildbot/master/master.cfg
-  notify: reload buildbot service
+  notify: restart buildbot service
 
 - meta: flush_handlers
 
@@ -73,3 +78,20 @@
   systemd:
     state: started
     name: buildbot@master.service
+
+- include_role:
+    name: certificate
+  vars:
+    certificate_name: buildbot
+    certificate_directory: /etc/ssl
+    certificate_key_usage:
+      - digitalSignature
+      - keyEncipherment
+    certificate_extended_key_usage:
+      - serverAuth
+    certificate_common_name: "{{ buildbot_server_name }}"
+
+- include_role:
+    name: nginx
+  vars:
+    nginx_vhosts: "{{ buildbot_nginx_vhosts }}"