diff --git a/roles/registrator/tasks/main.yml b/roles/registrator/tasks/main.yml
index 25fb1fd..fb49f81 100644
--- a/roles/registrator/tasks/main.yml
+++ b/roles/registrator/tasks/main.yml
@@ -58,17 +58,41 @@
     dest: /home/registrator/registrator
     force: yes
 
+- name: Create log/data/config directories
+  file:
+    dest: "/home/registrator/{{ item }}"
+    owner: registrator
+    state: directory
+  loop:
+    - data
+    - logs
+    - spool
+    - registrator/spool
+
+- name: Create config directory
+  file:
+    dest: "/home/registrator/registrator/conf"
+    owner: registrator 
+    group: www-data
+    state: directory
+    mode: 0750
+
 - name: Configure registrator settings
   template:
     dest: "/home/registrator/registrator/conf/{{ item }}"
     src: "{{ item }}.j2"
     owner: registrator
-    group: registrator
-    mode: 0600
+    group: www-data
+    mode: 0640
     force: no
   loop:
     - loginconf.php
 
+- name: Enable site for Apache
+  template:
+    dest: "/etc/apache2/conf.d/zzz-{{ dns_name }}.conf"
+    src: "zzz-registrator.conf.j2"
+
 - name: Create utility / cronjob scripts
   copy:
     dest: "/home/registrator/{{ item }}"
@@ -81,15 +105,6 @@
     - push_siemens_to_spica.sh
     - garaze_racunovodstvo.sh
 
-- name: Create log/data directories
-  file:
-    dest: "/home/registrator/{{ item }}"
-    owner: registrator
-  loop:
-    - data
-    - logs
-    - spool
-
 - name: Create garaze config
   copy:
     dest: "/home/registrator/garaze_recipients.txt"
diff --git a/roles/registrator/templates/zzz-registrator.conf.j2 b/roles/registrator/templates/zzz-registrator.conf.j2
new file mode 100644
index 0000000..929caf0
--- /dev/null
+++ b/roles/registrator/templates/zzz-registrator.conf.j2
@@ -0,0 +1,43 @@
+<IfModule mod_ssl.c>
+<Virtualhost *:443>
+DocumentRoot /home/registrator/registrator
+<Directory "/home/registrator/registrator">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride None
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    AuthType openid-connect
+    Require valid-user
+</Directory>
+
+ServerName {{ dns_name }}
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/{{dns_name}}/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/{{dns_name}}/privkey.pem
+</Virtualhost>
+</IfModule>
+<IfModule mod_ssl.c>
+<Virtualhost *:80>
+ServerName {{ dns_name }}
+</Virtualhost>
+</IfModule>