diff --git a/inventories/chaosknoten/host_vars/mumble.yaml b/inventories/chaosknoten/host_vars/mumble.yaml
new file mode 100644
index 0000000..b290aa1
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/mumble.yaml
@@ -0,0 +1,13 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/compose/compose.yaml') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
+ - "mumble.hamburg.ccc.de"
+certbot__http_01_port: 80
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: mumble.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/mumble.hamburg.ccc.de.conf') }}"
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index b6d7839..6c29a4e 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -24,6 +24,10 @@ all:
 ansible_host: lists.hamburg.ccc.de
 ansible_port: 42666
 ansible_user: chaos
+ mumble:
+ ansible_host: mumble.hamburg.ccc.de
+ ansible_port: 42666
+ ansible_user: chaos
 onlyoffice:
 ansible_host: onlyoffice-intern.hamburg.ccc.de
 ansible_user: chaos
@@ -82,6 +86,7 @@ all:
 hackertours:
 keycloak:
 lists:
+ mumble:
 onlyoffice:
 pad:
 wiki:
diff --git a/playbooks/roles/certbot/defaults/main.yaml b/playbooks/roles/certbot/defaults/main.yaml
new file mode 100644
index 0000000..c05e772
--- /dev/null
+++ b/playbooks/roles/certbot/defaults/main.yaml
@@ -0,0 +1 @@
+certbot__http_01_port: 31820
\ No newline at end of file
diff --git a/playbooks/roles/certbot/meta/argument_specs.yaml b/playbooks/roles/certbot/meta/argument_specs.yaml
index b604bcb..56f94cd 100644
--- a/playbooks/roles/certbot/meta/argument_specs.yaml
+++ b/playbooks/roles/certbot/meta/argument_specs.yaml
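Review bot: Both `lookup('ansible.builtin.file', ...)` paths in the new mumble.yaml point under `chaosknoten/configs/lists/`, so as written the mumble host is handed the compose file that belongs to the `lists` host. This looks like a copy-paste leftover, and neither looked-up file is added in the visible part of this commit. If a host-specific config directory is intended, both paths should point at it (its name is not visible here, so please confirm which directory is meant). Separately, `certbot__http_01_port: 80` means standalone certbot binds port 80 itself, so it is worth confirming that the nginx configuration for this host does not also listen on 80, otherwise issuance and renewal will fail.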
@@ -19,3 +19,10 @@ argument_specs: type: list elements: str required: true + certbot__http_01_port: + description: | + The port number the bot listens on. Must be 80 if directly exposed to the internet. + Default is 31820 for the public-reverse-proxy setup. + type: str + required: false + default: 31820 diff --git a/playbooks/roles/certbot/tasks/main/cert.yaml b/playbooks/roles/certbot/tasks/main/cert.yaml index dacfae7..d829fb1 100644 --- a/playbooks/roles/certbot/tasks/main/cert.yaml +++ b/playbooks/roles/certbot/tasks/main/cert.yaml @@ -6,7 +6,7 @@ register: certbot__cert_expiry_before - name: obtain the certificate using certbot - ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}" + ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port "{{ certbot__http_01_port }}" -d "{{ item }}" become: true changed_when: false
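Review bot: `certbot__http_01_port` is declared `type: str`, although its spec default (31820), the role default and the host_vars value for mumble (80) are all written as integers. With `type: int`, role argument validation rejects a non-numeric value before it is templated into the certbot command line in tasks/main/cert.yaml, which is the only consumer visible in this diff. The description could also state that in `--standalone` mode certbot binds this port itself, so no other service on the host may be listening on it while the task runs.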