diff --git a/inventories/z9/host_vars/esphome.yaml b/inventories/z9/host_vars/esphome.yaml index 9b7825c..aed227f 100644 --- a/inventories/z9/host_vars/esphome.yaml +++ b/inventories/z9/host_vars/esphome.yaml @@ -1,11 +1,10 @@ esphome__version: "2023.7.0" -cert__acme_account_email: jannes+letsencrypt-ccchh@grzb.de -cert__domains: + +certbot__version_spec: "" +certbot__acme_account_email_address: jannes+letsencrypt-ccchh@grzb.de +certbot__certificate_domains: - "esphome.ccchh.net" -cert__bind_9_host: authoritative-dns -cert__bind_9_zone: ccchh.net -cert__handlers: - - Restart `nginx.service` + nginx__version_spec: "" nginx__configurations: - name: esphome diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml index 16cd681..d10dd75 100644 --- a/inventories/z9/hosts.yaml +++ b/inventories/z9/hosts.yaml @@ -51,10 +51,10 @@ all: engelsystem: cert_hosts: hosts: - esphome: engelsystem: certbot_hosts: hosts: + esphome: zigbee2mqtt: keycloak: wiki: diff --git a/playbooks/files/configs/esphome/nginx/esphome.conf b/playbooks/files/configs/esphome/nginx/esphome.conf index f819334..1cdc701 100644 --- a/playbooks/files/configs/esphome/nginx/esphome.conf +++ b/playbooks/files/configs/esphome/nginx/esphome.conf @@ -9,10 +9,10 @@ server { server_name esphome.ccchh.net; - ssl_certificate /etc/ansible_certs/certs/esphome.ccchh.net/fullchain.pem; - ssl_certificate_key /etc/ansible_certs/certs/esphome.ccchh.net/privkey.pem; + ssl_certificate /etc/letsencrypt/live/esphome.ccchh.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/esphome.ccchh.net/privkey.pem; # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/ansible_certs/certs/esphome.ccchh.net/chain.pem; + ssl_trusted_certificate /etc/letsencrypt/live/esphome.ccchh.net/chain.pem; add_header Strict-Transport-Security "max-age=63072000" always; 
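Review bot: Removing `cert__handlers` with its `Restart nginx.service` entry leaves no visible trigger for nginx to pick up a renewed certificate, and none of the new `certbot__*` variables in this hunk replaces it. nginx reads `fullchain.pem` and `privkey.pem` only at start or reload, so without a hook it would keep serving the old certificate until it expires. Unless the certbot role already installs one (not visible here), add a deploy hook that runs `systemctl reload nginx.service`, for example through certbot's `--deploy-hook` option or a script under `/etc/letsencrypt/renewal-hooks/deploy/`.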
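Review bot: After the switch to `/etc/letsencrypt/live/esphome.ccchh.net/`, the previous key pair under `/etc/ansible_certs/certs/esphome.ccchh.net/` stays on the host, since nothing in the visible hunks removes it. A still-valid private key that no service uses is unnecessary exposure. A cleanup task (for example `ansible.builtin.file` with `state: absent` on that directory), run once nginx has reloaded with the new paths, would close it. The `server` block starts and ends outside the hunk.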
diff --git a/playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf b/playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf index a7fab56..8e0d667 100644 --- a/playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf +++ b/playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf @@ -10,6 +10,7 @@ map $host $upstream_acme_challenge_host { zigbee2mqtt.ccchh.net 10.31.208.25:31820; id.ccchh.net 10.31.206.12:31820; keycloak-admin.ccchh.net 10.31.206.12:31820; + esphome.ccchh.net 10.31.208.24:31820; default ""; }
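Review bot: The new `esphome.ccchh.net 10.31.208.24:31820;` entry makes whatever listens on port 31820 of that host reachable through the public proxy, and the hunk does not show which paths are forwarded or who else can reach the port. Presumably only `/.well-known/acme-challenge/` is proxied and the listener is certbot's temporary HTTP-01 server, so it is worth confirming that the host firewall accepts 31820 only from the reverse proxy. A short comment above the map, such as `# HTTP-01 challenge backends; port 31820 must accept connections from this proxy only`, would record that requirement. The `map` block begins before the hunk.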