diff --git a/manifests/init.pp b/manifests/init.pp index d3c81b1f0672612e7a7476023a4833b3e25d8f8f..57c534c1b57147cbb37c1304aca4e4202c4e8f1f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,6 +3,7 @@ class openbright ( String $www_root = '/usr/share/nginx/html', Array[String] $index_files = ['index.html'], ) { + include profiles::letsencrypt include nginx include liurepo::postgres @@ -20,8 +21,6 @@ class openbright ( provider => 'dnfmodule', } - profiles::letsencrypt::cert { fact('networking.fqdn'): } - package { [ 'postgresql15-server', 
@@ -31,33 +30,34 @@ class openbright ( ensure => installed, } - nginx::resource::server { fact('networking.fqdn'): - ensure => present, - www_root => $www_root, - location_cfg_append => { - 'rewrite' => '^ https://$server_name$request_uri? permanent', - }, - } + if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") { + nginx::resource::server { fact('networking.fqdn'): + ensure => present, + www_root => $www_root, + location_cfg_append => { + 'rewrite' => '^ https://$server_name$request_uri? permanent', + }, + } - nginx::resource::server { "${fact('networking.fqdn')} HTTPS": - ensure => present, - listen_port => 443, - www_root => $www_root, - index_files => $index_files, - ssl => true, - ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), - ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), - ssl_protocols => 'TLSv1.3 TLSv1.2', - ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', - require => Profiles::Letsencrypt::Cert[fact('networking.fqdn')], - } + nginx::resource::server { "${fact('networking.fqdn')} HTTPS": + ensure => present, + listen_port => 443, + www_root => $www_root, + index_files => $index_files, + ssl => true, + ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), + ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), + ssl_protocols => 'TLSv1.3 TLSv1.2', + ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', + } - nginx::resource::location { '/app/': - ensure => present, - ssl => true, - ssl_only => true, - server => 
"${fact('networking.fqdn')} HTTPS", - proxy => 'http://localhost:8100/', + nginx::resource::location { '/app/': + ensure => present, + ssl => true, + ssl_only => true, + server => "${fact('networking.fqdn')} HTTPS", + proxy => 'http://localhost:8100/', + } } firewalld_service {
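Review bot: The new `if` guard tests only `files.combined`, while `ssl_key` inside the block reads `files.key` in a separate lookup, so a partially populated `letsencrypt_certs` fact would presumably declare the HTTPS server with a certificate path and an undefined key. Reading both paths into variables once and guarding on both, e.g. `if $tls_cert and $tls_key {`, then reusing them for `ssl_cert` and `ssl_key`, closes that gap and removes the triple repetition of the lookup string. When the fact is absent the whole block, including the port-80 redirect server, is skipped silently; an `else { warning('letsencrypt_certs fact missing; nginx vhosts not managed') }` branch would make a first run or a failed issuance visible. Whether a certificate for this FQDN is still requested now that `profiles::letsencrypt::cert` and the `require` are gone depends on `profiles::letsencrypt`, which this diff does not show. The enclosing `openbright` class starts before this hunk and continues after it.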