diff --git a/roles/apache-letsencrypt/defaults/main.yml b/roles/apache-letsencrypt/defaults/main.yml
new file mode 100644
index 0000000..4abe7fe
--- /dev/null
+++ b/roles/apache-letsencrypt/defaults/main.yml
@@ -0,0 +1,3 @@
+# Defaults for role apache-letsencrypt
+---
+dehydrated_location: "/usr/local/etc/dehydrated"
diff --git a/roles/apache-letsencrypt/handlers/main.yml b/roles/apache-letsencrypt/handlers/main.yml
new file mode 100644
index 0000000..04949e9
--- /dev/null
+++ b/roles/apache-letsencrypt/handlers/main.yml
@@ -0,0 +1,6 @@
+# Handlers for role apache-letsencrypt
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
diff --git a/roles/apache-letsencrypt/tasks/main.yml b/roles/apache-letsencrypt/tasks/main.yml
new file mode 100644
index 0000000..b51f3a7
--- /dev/null
+++ b/roles/apache-letsencrypt/tasks/main.yml
@@ -0,0 +1,20 @@
+# Tasks for role apache-letsencrypt
+---
+- name: Create configuration for access to dehydrated location
+  ansible.builtin.template:
+    src: templates/letsencrypt-directory.conf.j2
+    dest: /etc/apache2/conf-available/letsencrypt-directory.conf
+    mode: "0644"
+    owner: root
+    group: root
+  notify: restart apache2
+
+- name: Add symlink to enable configuration
+  ansible.builtin.file:
+    src: /etc/apache2/conf-available/letsencrypt-directory.conf
+    dest: /etc/apache2/conf-enabled/letsencrypt-directory.conf
+    state: link
+    mode: "0644"
+    owner: root
+    group: root
+  notify: restart apache2
diff --git a/roles/apache-letsencrypt/templates/letsencrypt-directory.conf.j2 b/roles/apache-letsencrypt/templates/letsencrypt-directory.conf.j2
new file mode 100644
index 0000000..a514c34
--- /dev/null
+++ b/roles/apache-letsencrypt/templates/letsencrypt-directory.conf.j2
@@ -0,0 +1,3 @@
+<Directory {{ dehydrated_location }}/challenge>
+        Require all granted
+</Directory>