diff --git a/CHANGELOG.md b/CHANGELOG.md
index aaf4836e..bf5d40eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ The **patch** part changes incrementally at each release.
 * elasticsearch: configure cluster with seed hosts and initial masters
 * evoacme: upstream release 20.06.1
 * evoacme: read values from environment before defaults file
+* evoacme: update for new certbot role
 * haproxy: deport SSL tuning to Mozilla SSL generator
 * haproxy: chroot and socket path are configurable
 * haproxy: adapt backports installed package list to distibution
diff --git a/evoacme/tasks/acme.yml b/evoacme/tasks/acme.yml
deleted file mode 100644
index 16417ca6..00000000
--- a/evoacme/tasks/acme.yml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-- name: Create acme group
- group:
- name: acme
- state: present
-
-- name: Create acme user
- user:
- name: acme
- group: acme
- state: present
- createhome: no
- home: "{{ evoacme_acme_dir }}"
- shell: /bin/false
- system: yes
-
-- name: Fix crt dir's right
- file:
- path: "{{ evoacme_crt_dir }}"
- mode: "0755"
- owner: acme
- group: acme
- state: directory
-
-- name: "Fix hooks directory permissions"
- file:
- path: "{{ evoacme_hooks_dir }}"
- mode: "0700"
- owner: acme
- group: acme
- state: directory
-
-- name: Fix log dir's right
- file:
- path: "{{ evoacme_log_dir }}"
- mode: "0755"
- owner: acme
- group: acme
- state: directory
-
-- name: Fix challenge dir's right
- file:
- path: "{{ evoacme_acme_dir }}"
- mode: "0755"
- owner: acme
- group: acme
- state: directory
-
-- name: Is /etc/aliases present?
- stat:
- path: /etc/aliases
- register: etc_aliases
-
-- name: Set acme aliases
- lineinfile:
- state: present
- dest: /etc/aliases
- line: 'acme: root'
- regexp: 'acme:'
- when: etc_aliases.stat.exists
- notify: "newaliases"
diff --git a/evoacme/tasks/apache.yml b/evoacme/tasks/apache.yml
deleted file mode 100644
index f12aee32..00000000
--- a/evoacme/tasks/apache.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-- name: Create conf dirs
- file:
- path: "/etc/apache2/{{ item }}"
- state: directory
- with_items:
- - 'conf-available'
- - 'conf-enabled'
-
-- name: Copy acme challenge conf
- template:
- src: templates/apache.conf.j2
- dest: /etc/apache2/conf-available/letsencrypt.conf
- owner: root
- group: root
- mode: "0644"
- notify: reload apache2
-
-- name: Enable acme challenge conf
- file:
- src: /etc/apache2/conf-available/letsencrypt.conf
- dest: /etc/apache2/conf-enabled/letsencrypt.conf
- state: link
- owner: root
- group: root
- notify: reload apache2
diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml
index 5e18cfec..0577abbe 100644
--- a/evoacme/tasks/certbot.yml
+++ b/evoacme/tasks/certbot.yml
@@ -1,45 +1,20 @@
 ---
-
-- name: Use backports for jessie
- block:
- - name: install jessie-backports
- include_role:
- name: evolix/apt
- tasks_from: backports.yml
-
- - name: Add exceptions for certbot dependencies
- copy:
- src: backports-certbot
- dest: /etc/apt/preferences.d/z-backports-certbot
- notify: apt update
-
- - meta: flush_handlers
- when: ansible_distribution_release == "jessie"
-
-- name: Install certbot with apt
- apt:
- name: certbot
- state: latest
+- include_role:
+ name: evolix/certbot
 - include_role:
 name: evolix/remount-usr
-- name: Remove certbot symlink for apt install
- file:
- path: /usr/local/bin/certbot
- state: absent
 - name: Disable /etc/cron.d/certbot
- command: mv /etc/cron.d/certbot /etc/cron.d/certbot.disabled
+ command: mv -f /etc/cron.d/certbot /etc/cron.d/certbot.disabled
 args:
 removes: /etc/cron.d/certbot
- creates: /etc/cron.d/certbot.disabled
 - name: Disable /etc/cron.daily/certbot
- command: mv /etc/cron.daily/certbot /etc/cron.daily/certbot.disabled
+ command: mv -f /etc/cron.daily/certbot /etc/cron.daily/certbot.disabled
 args:
 removes: /etc/cron.daily/certbot
- creates: /etc/cron.daily/certbot.disabled
 - name: Install evoacme custom cron
 copy:
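Review bot: Removing the jessie block in certbot.yml stops managing the apt pin it copied to `/etc/apt/preferences.d/z-backports-certbot`, but nothing deletes it, so already-provisioned jessie hosts keep a stale preference file that still pins certbot to backports after the install moved into the evolix/certbot role; unless that role takes over the cleanup, add `- name: Remove obsolete certbot backports pin` / `  file: { path: /etc/apt/preferences.d/z-backports-certbot, state: absent }` next to the new include. The same applies to the dropped removal of the `/usr/local/bin/certbot` symlink, which only makes sense if the new role handles it. The `evolix/remount-usr` include is kept although the only task that wrote under /usr (the symlink removal) is gone; if the `copy:` task at the end of the hunk, which continues outside it, does not write under /usr, the include can go as well. Dropping `creates:` while adding `mv -f` is consistent, since the task is now meant to re-disable a cron file that a package upgrade restored.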
diff --git a/evoacme/tasks/evoacme_hook.yml b/evoacme/tasks/evoacme_hook.yml
index 200bcbc4..51dbb21c 100644
--- a/evoacme/tasks/evoacme_hook.yml
+++ b/evoacme/tasks/evoacme_hook.yml
@@ -1,5 +1,10 @@
 ---
+- name: "Create {{ hook_name }} hook directory"
+ file:
+ dest: "{{ evoacme_hooks_dir }}"
+ state: directory
+
 - name: "Search for {{ hook_name }} hook"
 command: "find {{ evoacme_hooks_dir }} -type f \\( -name '{{ hook_name }}' -o -name '{{ hook_name }}.*' \\)"
 check_mode: no
diff --git a/evoacme/tasks/main.yml b/evoacme/tasks/main.yml
index ac20cabb..1baede00 100644
--- a/evoacme/tasks/main.yml
+++ b/evoacme/tasks/main.yml
@@ -7,7 +7,7 @@
 - include: certbot.yml
-- include: acme.yml
+- include: permissions.yml
 - include: evoacme_hook.yml
 vars:
@@ -22,21 +22,3 @@
 - include: conf.yml
 - include: scripts.yml
-
-- name: Determine Apache presence
- stat:
- path: /etc/apache2/apache2.conf
- check_mode: no
- register: sta
-
-- name: Determine Nginx presence
- stat:
- path: /etc/nginx/nginx.conf
- check_mode: no
- register: stn
-
-- include: apache.yml
- when: sta.stat.isreg is defined and sta.stat.isreg
-
-- include: nginx.yml
- when: stn.stat.isreg is defined and stn.stat.isreg
diff --git a/evoacme/tasks/nginx.yml b/evoacme/tasks/nginx.yml
deleted file mode 100644
index 44fc6656..00000000
--- a/evoacme/tasks/nginx.yml
+++ /dev/null
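Review bot: The new `Create {{ hook_name }} hook directory` task in evoacme_hook.yml creates `{{ evoacme_hooks_dir }}` with no `mode`, `owner` or `group`, so if this task file ever runs before permissions.yml (or on its own), the hooks directory is created with the umask-derived default instead of the root-owned `0700` that permissions.yml enforces, and hook scripts — presumably executed by certbot with root rights — would sit in a more permissive directory until permissions.yml runs. Add `mode: "0700"`, `owner: root` and `group: root` to the new `file:` task so both places agree. As a point of style, this task uses `dest:` while permissions.yml uses `path:` for the same module argument; pick one.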
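Review bot: Swapping `acme.yml` for `permissions.yml` in main.yml drops the tasks that created the `acme` system user and group and the `acme: root` entry in /etc/aliases, but nothing removes them, so hosts provisioned with the previous version keep an orphan system account that no task in this role references any more. If leaving it in place is deliberate, say so next to the include, e.g. `# acme user/group and mail alias are no longer created; existing ones are intentionally left untouched`; otherwise a cleanup task (user/group `state: absent`, alias line removed) belongs here. As far as this diff shows, the only remaining ownership references are the `root:root` settings in permissions.yml.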
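Review bot: After the second main.yml hunk no task in this role deploys the HTTP challenge snippet that apache.yml and nginx.yml installed (`/etc/apache2/conf-available/letsencrypt.conf` and `/etc/nginx/snippets/letsencrypt.conf`), and the diff does not show where that responsibility moved. If the evolix/certbot role now owns the webserver configuration, a comment at the end of main.yml such as `# webserver challenge config is deployed by the evolix/certbot role` would spare the next reader a search; if it does not, existing vhosts keep working only because the old files are left behind, and new hosts get no challenge location. The `templates/apache.conf.j2` and `templates/nginx.conf.j2` files referenced by the deleted tasks are not removed in this diff either, presumably an oversight if they are now unused.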
@@ -1,35 +0,0 @@
----
-
-- name: move acme challenge conf if missplaced
- command: mv /etc/nginx/letsencrypt.conf /etc/nginx/snippets/letsencrypt.conf
- args:
- removes: /etc/nginx/letsencrypt.conf
- creates: /etc/nginx/snippets/letsencrypt.conf
-
-- name: Copy acme challenge conf
- template:
- src: templates/nginx.conf.j2
- dest: /etc/nginx/snippets/letsencrypt.conf
- owner: root
- group: root
- mode: "0644"
-
-- name: look for old path
- command: grep -r /etc/nginx/letsencrypt.conf /etc/nginx
- changed_when: False
- failed_when: False
- check_mode: no
- register: grep_letsencrypt_old_path
-
-- name: Keep a symlink for vhosts with old path
- file:
- src: /etc/nginx/snippets/letsencrypt.conf
- dest: /etc/nginx/letsencrypt.conf
- state: link
- when: grep_letsencrypt_old_path.rc == 0
-
-- name: Remove symlink if no vhost with old path
- file:
- dest: /etc/nginx/letsencrypt.conf
- state: absent
- when: grep_letsencrypt_old_path.rc == 1
diff --git a/evoacme/tasks/permissions.yml b/evoacme/tasks/permissions.yml
new file mode 100644
index 00000000..69bcbe12
--- /dev/null
+++ b/evoacme/tasks/permissions.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Fix crt directory permissions
+ file:
+ path: "{{ evoacme_crt_dir }}"
+ mode: "0755"
+ owner: root
+ group: root
+ state: directory
+
+- name: "Fix hooks directory permissions"
+ file:
+ path: "{{ evoacme_hooks_dir }}"
+ mode: "0700"
+ owner: root
+ group: root
+ state: directory
+
+- name: Fix log directory permissions
+ file:
+ path: "{{ evoacme_log_dir }}"
+ mode: "0755"
+ owner: root
+ group: root
+ state: directory
+
+- name: Fix challenge directory permissions
+ file:
+ path: "{{ evoacme_acme_dir }}"
+ mode: "0755"
+ owner: root
+ group: root
+ state: directory
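Review bot: The four `file` tasks in permissions.yml switch `owner`/`group` from `acme` (as in the deleted acme.yml) to `root` without `recurse`, so only the directories themselves are re-owned; hook scripts, certificates and logs already present on hosts provisioned by the old version stay owned by `acme`, which matters most for the `0700` hooks directory whose contents are presumably run with root rights. Rather than `recurse: yes` (which would also stamp `0755` onto every file under the crt directory), handle existing contents with a dedicated ownership task or state the expectation in a comment at the top, e.g. `# only the directories are re-owned; files created by the old acme user are left as-is`. As a point of style, only the second task name is quoted (`"Fix hooks directory permissions"`) while the other three are plain; make them consistent.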