diff --git a/tasks/generate_cert.yml b/tasks/generate_cert.yml
new file mode 100644
index 0000000..333b4a4
--- /dev/null
+++ b/tasks/generate_cert.yml
@@ -0,0 +1,10 @@
+# generate_cert.yml
+---
+- name: check if privkey exists
+ ansible.builtin.command: '[ -f "/etc/letsencrypt/live/{{ item.domain }}/README" ]'
+ register: result
+ ignore_errors: true
+
+- name: generate certificate
+ ansible.builtin.command: 'certbot certonly --standalone --preferred-challenge http-01 -d {{ item.domain }}'
+ when: result is failure
diff --git a/tasks/main.yml b/tasks/main.yml
index 5ba915b..ad4f4f4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,3 +4,8 @@
 ansible.builtin.package:
 name: certbot
 state: present
+
+# generate certs for new domains
+- include_tasks: generate_cert.yml
+ loop: "{{ domains }}"
+
diff --git a/vars/main.yml b/vars/main.yml
index d158fe5..23bf4b0 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,7 @@
 ---
-# vars file for certbot
+# vars file for nginx-ssl on privtorrents.actcur.com
+
+domains:
+ - domain: privtorrents.actcur.com
+
+# end of file
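Review bot: The probe in `check if privkey exists` tests for `README` rather than the key, and `ignore_errors: true` combined with `when: result is failure` turns any failure of that probe into a certbot run while also reporting a failed-then-ignored task on every host that has no certificate yet. A single task with `creates:` on the key path removes the probe and keeps the play idempotent. Passing the command as `argv` keeps a `domain` value containing whitespace from being split into extra certbot arguments, and `--non-interactive` stops certbot from waiting on a prompt Ansible cannot answer (account registration with `--agree-tos` and an e-mail must already exist or be added). The documented spelling of the option is `--preferred-challenges`, and `--standalone` needs port 80 free, which may conflict with a web server already running on the host.

```yaml
- name: generate certificate
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - '--standalone'
      - '--non-interactive'
      - '--preferred-challenges'
      - http-01
      - '-d'
      - "{{ item.domain }}"
    creates: "/etc/letsencrypt/live/{{ item.domain }}/privkey.pem"
```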
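Review bot: The added `- include_tasks: generate_cert.yml` is the only task in this change without a `name:` and without the fully qualified module name; `ansible.builtin.include_tasks` would match the `ansible.builtin.package` and `ansible.builtin.command` usage around it. The included file reads `item.domain`, so any later loop inside it would shadow `item`; setting `loop_control:` with `loop_var: cert_domain` here (and reading `cert_domain.domain` in the included file) avoids that. The package task shown as context starts above this hunk.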
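Review bot: Defining `domains` in `vars/main.yml` gives it role-vars precedence, so inventory `host_vars` or `group_vars` cannot override it and every host the role is applied to will request a certificate for privtorrents.actcur.com. An empty default such as `certbot_domains: []` in `defaults/main.yml`, with the real list set per host in inventory, keeps the role reusable and the host-specific value out of the role. The unprefixed name `domains` can also collide with variables from other roles in the same play. The header comment now says nginx-ssl while the tasks install and run certbot, which looks like a leftover worth correcting.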