diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail-certificates/templates/conf.ini.j2
new file mode 100644
index 0000000..cdcd8db
--- /dev/null
+++ b/roles/mail-certificates/templates/conf.ini.j2
@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+
+# Pour appliquer cette conf et générer la conf de renewal :
+# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = {{ certbot.mail }}
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use nginx challenge
+authenticator = standalone
+
+# Accept TOS
+agree-tos = True
+
+# Wildcard the domain
+cert-name = {{ certbot.certname }}
+domains = {{ ", ".join(certbot.domains) }}