diff --git a/host_vars/srv01 b/host_vars/srv01
index 57a217e..eab5688 100644
--- a/host_vars/srv01
+++ b/host_vars/srv01
@@ -1,2 +1,10 @@
+basics_ssh_match_blocks:
+  - match: User certsync
+    options:
+      - AuthorizedKeysFile /home/certsync/authorized_keys
+      - ChrootDirectory /home/certsync/root
+      - ForceCommand internal-sftp
 nginx_resolver: 192.76.134.90 212.12.50.158
 updates_letsencrypt_local: true
+updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
+updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
diff --git a/host_vars/srv03 b/host_vars/srv03
index 84f66b3..2f01911 100644
--- a/host_vars/srv03
+++ b/host_vars/srv03
@@ -1,5 +1,6 @@
+certsync_host: srv01.hamburg.freifunk.net
 nginx_resolver: 80.252.105.162 80.252.105.194
-updates_letsencrypt_srv02: true
+updates_letsencrypt_srv01: true
 updates_owner: www-data
 updates_root: /var/www/updates
 updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt