diff --git a/files/egg.conf b/files/egg.conf
index 437874dab071edaf4dd7a480eb89a8cfe54969d9..470620adee127584b712d53e81a61ea4f6635f39 100644
--- a/files/egg.conf
+++ b/files/egg.conf
@@ -19,18 +19,24 @@ server {
 }
 
 server {
+        listen [::]:80 ipv6only=on ;
         listen 80;
+
         server_name ntadigital.it.liu.se;
 
         location / {
-            return 301 http://egg.it.liu.se;
+            return 301 https://egg.it.liu.se;
         }
 }
 
 server {
-        listen 80;
+        listen [::]:443 ssl ipv6only=on ;
+        listen 443 ssl ;
         server_name egg.it.liu.se;
 
+        ssl_certificate /etc/pki/tls/certs/letsencrypt-cert_chain-egg.devel.it.liu.se.pem  ;
+        ssl_certificate_key /etc/pki/tls/private/letsencrypt-egg.devel.it.liu.se.key ;
+
         client_max_body_size 0;
 
         location = /favicon.ico {
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
index e4105f6996b69a3b44126a96aaddc7fe848cb33f..41f543397936ce0492b84071c9d67b888c9653c3 100644
--- a/manifests/nginx.pp
+++ b/manifests/nginx.pp
@@ -1,7 +1,10 @@
 # intelligent comment here
 class egg::nginx () {
   $hostname = fact( 'networking.fqdn' )
-  $hostalias = []
+  $hostalias = ['teman.it.liu.se', 'ntadigital.it.liu.se', 'egg.it.liu.se']
+  profiles::letsencrypt::cert { $hostname :
+    addn_domains => $hostalias
+  }
   package { 'nginx':
     ensure => 'installed',
   }
@@ -20,7 +23,7 @@ class egg::nginx () {
 
   # Housekeeping
   service { 'nginx':
-    ensure => 'running',
+    ensure => 'stopped',
     enable => true,
   }
   firewalld_service { 'Allow http in the liu Zone':