diff --git a/certbot/conf/.gitkeep b/certbot/conf/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/certbot/www/.gitkeep b/certbot/www/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index 6ba6ed8..0fd46cd 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@@ -15,7 +15,10 @@ upstream frontend
 
 server
 {
-	listen 80; server_name crm.logidex.ru;
+	listen 80;
+
+	server_tokens off;
+	server_name crm.logidex.ru www.crm.logidex.ru;
 	gzip on;
 	gzip_proxied any;
 	gzip_comp_level 4;
@@ -64,4 +67,8 @@ server
 		proxy_cache_valid 60m;
 		proxy_pass http://frontend;
 	}
+
+	location /.well-known/acme-challenge/ {
+	    root /var/www/certbot;
+    }
 }
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index d077fab..bb80155 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,7 +17,7 @@ services:
       - appnet
     restart: unless-stopped
   nginx:
-    image: nginx:latest
+    image: nginx:alpine-slim
     ports:
       - "80:80"
       - "443:443"
@@ -33,9 +33,24 @@ services:
         source: app_run
         target: /app/run
         read_only: false
+      - type: bind
+        source: ./certbot/www
+        target: /var/www/certbot
+        read_only: true
     restart: unless-stopped
     networks:
       - appnet
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - type: bind
+        source: ./certbot/www
+        target: /var/www/certbot
+        read_only: false
+      - type: bind
+        source: ./certbot/conf
+        target: /etc/letsencrypt
+        read_only: false
 volumes:
   app_run:
     driver: local