diff --git a/CHANGELOG b/CHANGELOG
index 3e77087..53a00b0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -87,6 +87,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
 * base: configure "/var/log" for servers that have a mount on it
 * nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP
+* nagios-nrpe: configure server certificate for nrpe daemon
 
 ### Fixed
 
diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
index 1786b2a..98f427f 100644
--- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
+++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
@@ -1,6 +1,10 @@
 # Allowed IPs
 allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
 
+# SSL Certificate
+ssl_cert_file=/etc/ssl/certs/{{ ansible_fqdn }}.crt
+ssl_privatekey_file=/etc/ssl/private/{{ ansible_fqdn }}.key
+
 {% if ansible_distribution_version is version_compare("7.2",'>=') %}
 # Allow older cipher suites for older Icinga version
 ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0