diff --git a/.gitmodules b/.gitmodules index f82e9fe43cd5a15654e38ab251e240417a92e10d..f6e7d4b55ed1f3ac1bbb40de5a5c45da2f93427e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,6 @@ [submodule "roles/rp"] path = roles/rp url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/rp.git +[submodule "roles/alternc"] + path = roles/alternc + url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/alternc.git diff --git a/ansible.cfg b/ansible.cfg index 342523185d888346b256a4ae948876307557929a..c829c80b2815783af0ce88131629c8c73d3fb7fd 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,7 @@ [defaults] inventory = hosts retry_files_enabled = False +vault_password_file = .password [diff] always = yes diff --git a/host_vars/pi3.lqdn.fr.yml b/host_vars/pi3.lqdn.fr.yml index f2ffcdd67ceecce4ad88c8dbb83aab49020a48b7..529e0d40d531cefae770c2d0e04be0e2d5ad7410 100644 --- a/host_vars/pi3.lqdn.fr.yml +++ b/host_vars/pi3.lqdn.fr.yml @@ -52,7 +52,7 @@ wordpress_wildcard_keyfile: /etc/letsencrypt/live/grange.dev.lqdn.fr/privkey.pem wordpress_vhost: - servername: "grange.dev.lqdn.fr" - serveralias: "*.grange.dev.lqdn.fr" + serveralias: "\*.grange.dev.lqdn.fr" documentroot: "{{ wordpress_path }}" allow_override: "All" #certificate_file: "{{ wordpress_wildcard_certfile }}" 
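Review bot: The added `vault_password_file = .password` under `[defaults]` keeps the vault key as a plaintext file inside the checkout, and nothing in this diff adds it to `.gitignore`, so an accidental `git add` would publish the secret protecting the `!vault` values in this repository. Add a `.gitignore` entry for `.password`, keep the file at mode 0600, and put a comment above the key such as `# local, untracked file holding the vault password - never commit`. Ansible also executes this file as a script when its executable bit is set, so it should not be executable unless that is intended.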
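Review bot: The new `serveralias: "\*.grange.dev.lqdn.fr"` puts `\*` inside a double-quoted YAML scalar, and `\*` is not a defined YAML escape, so a strict loader such as PyYAML is expected to reject the file with an unknown-escape error rather than pass the backslash through. If the consuming template really needs the backslash, write it single-quoted as `serveralias: '\*.grange.dev.lqdn.fr'`. Otherwise keep the previous `"*.grange.dev.lqdn.fr"`, which Apache's ServerAlias already treats as a wildcard. The `wordpress_vhost` entry continues outside the hunk.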
@@ -63,12 +63,20 @@ wordpress_vhost: -#certbot_create_command: "{{ certbot_script }} certonly --webroot --webrootpath /var/www/letsencrypt/ --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(,)" +certbot_create_method: standalone +certbot_create_standalone_stop_services: + - apache2 -#certbot_certs: -# - domains: -# - "grange.dev.lqdn.fr" -# - "*.grange.dev.lqdn.fr" +certbot_create_command: "{{ certbot_script }} certonly --noninteractive --manual --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok --preferred-challenges=dns --agree-tos --manual-auth-hook /usr/local/bin/certbot-auth.php --manual-cleanup-hook /usr/local/bin/certbot-cleanup.php -d {{cert_item.domains | join(',') }}" + +certbot_certs: + - domains: + - "grange.dev.lqdn.fr" + - "*.grange.dev.lqdn.fr" + email: "okhin@laquadrature.net" + +certbot_create_if_missing: True +certbot_admin_email: okhin@laquadrature.net rp_path: /srv/rp rp_source_path: /srv/rp/rp-rp2 @@ -89,7 +97,7 @@ rp_vhost: serveralias: "rp2.dev.lqdn.fr rp.dev.laquadrature.net rp2.dev.laquadrature.net" documentroot: "{{ rp_path }}" uwsgi: - socket: /run/uwsgi/app/rp/socket + socket: /run/uwsgi/app/rp2/socket statics: - alias: /static/ path: "{{ rp_source_path }}/static/static_root/" 
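Review bot: `certbot_create_method: standalone` with `certbot_create_standalone_stop_services` listing `apache2` appears to stop Apache around each issuance, although the overridden `certbot_create_command` uses `--preferred-challenges=dns` and does not need port 80. If the role allows it, `certbot_create_standalone_stop_services: []` would avoid that outage. The command runs `/usr/local/bin/certbot-auth.php` and `/usr/local/bin/certbot-cleanup.php` with certbot's privileges, so both hooks should be root-owned and not writable by other users, and a comment above the command naming the role that installs them would help. The command also passes `--agree-tos` twice; one can be dropped.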
@@ -102,3 +110,17 @@ nodejs_packages_update_cache: no npm_packages: - yarn - webpack + +# Altern-C configuration +alternc_username: pi +alternc_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36646462633066656439643964376532663562346630333534386366313135303562373464316662 + 3064366534356637623139343132343665623034346239330a643230396666396262383464323266 + 33353037656233326262343939303064653962303364343361396661393762323666333538663838 + 3934383264643161340a623232333162366163623839663930356262636166313563313638393432 + 6261 +alternc_panel_url: https://pi.lqdn.fr/ +alternc_token_file: /root/.alternc-token +alternc_token_url: "{{ alternc_panel_url }}api/auth/login?login={{ alternc_username }}&password={{ alternc_password | trim }}&duration=3650" +alternc_domain_root: lqdn.fr diff --git a/roles/alternc b/roles/alternc new file mode 160000 index 0000000000000000000000000000000000000000..839880e2e2adcfdead58dde5a7c1b1dbc3ff9da6 --- /dev/null +++ b/roles/alternc @@ -0,0 +1 @@ +Subproject commit 839880e2e2adcfdead58dde5a7c1b1dbc3ff9da6 diff --git a/roles/rp b/roles/rp index 1b52ee2a2d8d92644011c3e146a55926ddc67087..b0b7629dbee68e166b32becd071b8fc61d2acf69 160000 --- a/roles/rp +++ b/roles/rp @@ -1 +1 @@ -Subproject commit 1b52ee2a2d8d92644011c3e146a55926ddc67087 +Subproject commit b0b7629dbee68e166b32becd071b8fc61d2acf69 diff --git a/site.yml b/site.yml index 362a39582c8ce06ae15a64dd1edeef846a47e041..095275b7c3b69cb3eef77d601e52948a77353e02 100644 --- a/site.yml +++ b/site.yml @@ -11,6 +11,7 @@ - role: geerlingguy.mysql - role: geerlingguy.php - role: geerlingguy.php-mysql + - role: alternc - role: geerlingguy.certbot - role: geerlingguy.apache vars:
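Review bot: `alternc_token_url` places `alternc_username` and the decrypted `alternc_password` in the query string of `api/auth/login`, which undoes much of the benefit of vaulting the password. The full URL typically lands in the panel's access log, in any intermediate proxy log, and in Ansible's task output unless the task that fetches it sets `no_log: true` (that task is in the `alternc` role, outside this diff). The password is only passed through `trim`, so characters such as `&`, `#` or `+` would corrupt the request; use `{{ alternc_password | trim | urlencode }}` at minimum, and send the credentials in a request body if the API accepts that. `duration=3650` looks like a very long-lived token stored in `/root/.alternc-token`; confirm the unit and shorten it if the API permits.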