diff --git a/.gitignore b/.gitignore
index d5649d75..13f2924c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .kitchen/
+.vagrant/
diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml
index 03538de9..c619715c 100644
--- a/evoacme/handlers/main.yml
+++ b/evoacme/handlers/main.yml
@@ -13,3 +13,8 @@
 - name: apt update
 apt:
 update_cache: yes
+
+- name: reload squid3
+ service:
+ name: squid3
+ state: reloaded
diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml
index 6b978604..dbb40f1b 100644
--- a/evoacme/tasks/certbot.yml
+++ b/evoacme/tasks/certbot.yml
@@ -3,7 +3,7 @@
 - block:
 - name: install jessie-backports
 include_role:
- name: "{{ roles }}/apt-repositories"
+ name: apt-repositories
 vars:
 apt_repositories_install_backports: True
 
@@ -53,3 +53,18 @@
 src: certbot.cron
 dest: /etc/cron.daily/certbot
 mode: "0755"
+
+- name: Find squid3 config whitelist
+ shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
+ failed_when: false
+ changed_when: false
+ check_mode: no
+ register: squid3_whitelist_files
+
+- name: Let's Encrypt OCSP server is authorized by squid
+ lineinfile:
+ dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
+ line: "http://ocsp.int-x3.letsencrypt.org/.*"
+ state: present
+ notify: reload squid3
+ when: squid3_whitelist_files.stdout != ""
diff --git a/evoacme/tests/Vagrantfile b/evoacme/tests/Vagrantfile
new file mode 100644
index 00000000..f632c5ed
--- /dev/null
+++ b/evoacme/tests/Vagrantfile
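Review bot: In evoacme/tasks/certbot.yml, the whitelist entry written by the new `lineinfile` task, `http://ocsp.int-x3.letsencrypt.org/.*`, is looser than it reads if squid treats the whitelist file as URL regexes (the trailing `.*` suggests so, but the squid ACL is not part of this diff). It has no `^` anchor and its dots are unescaped, so it can match URLs on other hosts that merely contain a similar string. Consider `line: '^http://ocsp\.int-x3\.letsencrypt\.org/'`, kept in the same format as the entries already in that file. The hostname also appears tied to a single Let's Encrypt intermediate, so a comment above the task such as `# OCSP responder of the current LE intermediate; update when the issuer changes` would explain why the rule may stop matching after an issuer rotation.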
@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ config.vm.box = "debian/jessie64"
+
+ config.vm.synced_folder "./vagrant_share/", "/vagrant", disabled: true
+
+ config.vm.provider :virtualbox do |v|
+ v.memory = 2048
+ v.cpus = 2
+ v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+ v.customize ["modifyvm", :id, "--ioapic", "on"]
+ end
+
+ # Master
+ config.vm.define :default do |default|
+ default.vm.hostname = "default"
+ default.vm.provision :ansible, run: "always" do |ansible|
+ ansible.limit = "default"
+ ansible.playbook = "vagrant.yml"
+ # ansible.tags = "mysql"
+ # ansible.raw_arguments = ["-b", "--ask-vault-pass"]
+ ansible.raw_arguments = ["-vv"]
+ end
+ end
+
+end
diff --git a/evoacme/tests/vagrant.yml b/evoacme/tests/vagrant.yml
new file mode 100644
index 00000000..9eb9077d
--- /dev/null
+++ b/evoacme/tests/vagrant.yml
@@ -0,0 +1,9 @@
+- hosts: default
+ gather_facts: yes
+ become: yes
+
+ roles:
+ # - squid
+ - evoacme
+
+# vim:ft=ansible
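Review bot: In evoacme/tests/Vagrantfile, `config.vm.box = "debian/jessie64"` is not pinned to a box version, so a fresh `vagrant up` tests the role against whatever image upstream currently publishes. Adding `config.vm.box_version = "<PINNED_BOX_VERSION>"` (placeholder; use the version you validated) on the next line keeps test runs reproducible and makes a change of base image an explicit, reviewable update. The commented-out `ansible.tags` and `ansible.raw_arguments` lines would benefit from a short comment saying when to enable them, or could be dropped.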
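Review bot: In evoacme/tests/vagrant.yml, `# - squid` is commented out in `roles:`, so the squid3 whitelist tasks this commit adds to evoacme/tasks/certbot.yml are presumably never exercised by the playbook. Unless the box already ships one of the /etc/squid3/whitelist*.conf files, the `find` returns nothing and the `lineinfile` task is skipped. Either enable a squid role here or add a comment such as `# squid left out on purpose: the whitelist tasks are expected to be skipped on this box`, so the gap in test coverage is deliberate and visible.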