diff --git a/hosts.yaml b/hosts.yaml
index 90943ae..694289f 100644
--- a/hosts.yaml
+++ b/hosts.yaml
@@ -7,6 +7,8 @@ all:
   vars:
     ansible_become: false
   
+    certbotdomains:
+      - "jabber.0rpheus.net"
 
     haproxy_domains:
       # <Domain>: <Backend>
diff --git a/roles/haproxy/files/update_haproxy_certs.sh b/roles/haproxy/files/update_haproxy_certs.sh
index ae4e2be..736ffb0 100755
--- a/roles/haproxy/files/update_haproxy_certs.sh
+++ b/roles/haproxy/files/update_haproxy_certs.sh
@@ -13,12 +13,13 @@ do
           --agree-tos                        \
           --email micha@0rpheus.net          \
           --preferred-challenges=http        \
+          --rsa-key-size 4096                \
           --http-01-port=8888
     fi
 done < /etc/haproxy/domains.txt
 
 # renew all certificates
-certbot renew --http-01-port=8888 --preferred-challenges=http
+certbot renew --http-01-port=8888 --preferred-challenges=http --rsa-key-size 4096
 
 # copy certificates
 find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d | while read -r domain_path