diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index 634c046..789ce50 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -29,4 +29,5 @@ evobsd_dumpserverstate_include: true evobsd_install_url: "https://cdn.openbsd.org/pub/OpenBSD" # default_ssl.yml -evobsd_default_ssl_cert: true \ No newline at end of file +evobsd_default_ssl_cert: true +evobsd_ssl_cert_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" diff --git a/roles/base/tasks/default_ssl.yml b/roles/base/tasks/default_ssl.yml index b002afd..6b70450 100644 --- a/roles/base/tasks/default_ssl.yml +++ b/roles/base/tasks/default_ssl.yml 
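Review bot: The default `evobsd_ssl_cert_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"` is declared here and again, verbatim, in roles/nagios-nrpe/defaults/main.yml, so the two roles agree on the key and certificate paths only while both copies stay identical. If one copy is edited, the NRPE template would reference `/etc/ssl/private/<name>.key` and `/etc/ssl/certs/<name>.crt` files that the base role never generated. Consider keeping a single definition, or at least a comment on both copies such as `# must match roles/nagios-nrpe/defaults/main.yml: names the key/cert that NRPE loads`. The expression also assumes `general_technical_realm` is always defined, which this diff does not show.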
@@ -12,14 +12,14 @@ state: directory ignore_errors: '{{ ansible_check_mode }}' - - name: Create private key and csr for default site ({{ ansible_fqdn }}) + - name: Create private key and csr for default site ({{ evobsd_ssl_cert_hostname }}) ansible.builtin.command: - cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}" + cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key -out /etc/ssl/{{ evobsd_ssl_cert_hostname }}.csr -batch -subj "/CN={{ evobsd_ssl_cert_hostname }}" args: - creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" + creates: "/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key" - name: Create certificate for default site ansible.builtin.command: - cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt + cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evobsd_ssl_cert_hostname }}.csr -signkey /etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key -out /etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt args: - creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" \ No newline at end of file + creates: "/etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt" diff --git a/roles/nagios-nrpe/defaults/main.yml b/roles/nagios-nrpe/defaults/main.yml index cb9a238..6d0bcb4 100644 --- a/roles/nagios-nrpe/defaults/main.yml +++ b/roles/nagios-nrpe/defaults/main.yml @@ -6,3 +6,5 @@ nagios_nrpe_allowed_hosts: | union(nagios_nrpe_additional_allowed_hosts) | unique }}" nagios_nrpe_default_ntp_server: "pool.ntp.org" + +evobsd_ssl_cert_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 index 98f427f..3ba619c 100644 --- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 
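Review bot: `evobsd_ssl_cert_hostname` is an overridable variable, but both `cmd:` strings and both `creates:` paths interpolate it unquoted and unchecked, where the previous `ansible_fqdn` was a gathered fact. `ansible.builtin.command` splits `cmd` into arguments, so a value containing whitespace or `/` would change the openssl arguments, the subject after `/CN=`, or the path where the unencrypted (`-nodes`) private key is written. An assert task ahead of the two command tasks, restricting the value to hostname characters, would make the play fail early instead. On hosts already provisioned under the `ansible_fqdn` name, a differing value presumably leaves the old key behind in /etc/ssl/private, so a cleanup step is worth considering. The task list starts and ends outside this hunk.

```yaml
- name: Check that evobsd_ssl_cert_hostname is a plain hostname
  ansible.builtin.assert:
    that:
      - evobsd_ssl_cert_hostname is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')
    fail_msg: "evobsd_ssl_cert_hostname must contain only letters, digits, dots and hyphens"

# … unchanged: "Create private key and csr" and "Create certificate" tasks …
```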
+++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 @@ -2,8 +2,8 @@ allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }} # SSL Certificate -ssl_cert_file=/etc/ssl/certs/{{ ansible_fqdn }}.crt -ssl_privatekey_file=/etc/ssl/private/{{ ansible_fqdn }}.key +ssl_cert_file=/etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt +ssl_privatekey_file=/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key {% if ansible_distribution_version is version_compare("7.2",'>=') %} # Allow older cipher suites for older Icinga version diff --git a/vars/main.yml b/vars/main.yml index c7d6de7..c73fb66 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -27,6 +27,8 @@ # evobsd_ssh_group: "foo-ssh" # evobsd_sudo_group: "foo-sudo" # +# evobsd_ssl_cert_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" +# # evolix_users: # foo: # name: foo