diff --git a/defaults/main.yml b/defaults/main.yml
index afb01be..3bb1724 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,7 +3,7 @@ mailname: "{{inventory_hostname}}"
 postfix_method: postfixadmin
 
 postfix_smtp_service: true
-postfix_submission_service: false
+postfix_submission_service: true
 
 postfix_postfixadmin_mysql_host: localhost
 postfix_postfixadmin_mysql_database: postfixadmin
@@ -19,4 +19,7 @@ postfix_virtual_transport: lmtp:unix:private/dovecot-lmtp
 
 postfix_submission_service_smtpd_sasl_path: private/auth
 
-postfix_smtps_service: false
+postfix_smtps_service: true
+
+postfix_certificate_fullchain_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+postfix_certificate_private_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 9055b51..3fa4748 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -35,8 +35,8 @@ inet_protocols = all
 
 ### TLS parameters
 
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file={{postfix_certificate_fullchain_file}}
+smtpd_tls_key_file={{postfix_certificate_private_key_file}}
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache