diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 13e1ce4..599882e 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -64,12 +64,8 @@
     src: "{{ item }}.j2"
     dest: "/etc/postfix/{{ item }}"
   loop:
-    - email2email
     - main.cf
     - master.cf
-    - virtual_alias
-    - virtual_domains
-    - virtual_mailbox
   notify: Restart postfix
 
 - name: Copy postfix conf
@@ -158,8 +154,6 @@
     src: "rspamd/{{ item }}.j2"
     dest: "/etc/rspamd/{{ item }}"
   loop:
-    - dkim/canebier.fr.2023061901.key
-    - dkim/chapoline.me.2023061901.key
     - override.d/classifier-bayes.conf
     - override.d/redis.conf
     - override.d/milter_headers.conf
@@ -168,8 +162,17 @@
     - local.d/actions.conf
   notify: Restart rspamd
 
+- name: Decrypt rspamd conf
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/rspamd/{{ item }}"
+  loop:
+    - dkim/canebier.fr.2023061901.key
+    - dkim/chapoline.me.2023061901.key
+  notify: Restart rspamd
+
 - name: Generate letsencrypt certificates
-  command: "certbot --apache -d {{ mail.external_hostname }} --no-redirect -m {{ letsencrypt_email|default('me@chapoline.me') }} --agree-tos --deploy-hook 'systemctl restart postfix dovecot'"
+  command: "certbot --apache -d {{ mail.external_hostname }} --renew-by-default --expand --no-redirect -m {{ letsencrypt_email|default('me@chapoline.me') }} --agree-tos --deploy-hook 'systemctl restart postfix dovecot'"
 
 
 - name: Compile dovecot files