diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index 810ed1f..42117e3 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -48,6 +48,8 @@ "kosmos-akkounts::nginx", "kosmos-akkounts::nginx_api", "kosmos-bitcoin::nginx_lndhub", + "kosmos-hubot::nginx_botka_irc-libera-chat", + "kosmos-hubot::nginx_hal8000_xmpp", "kosmos-ipfs::nginx_public_gateway", "kosmos-mastodon::nginx", "remotestorage_discourse::nginx", diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb index c3502d0..ed671eb 100644 --- a/roles/openresty_proxy.rb +++ b/roles/openresty_proxy.rb @@ -25,9 +25,6 @@ default_run_list = %w( kosmos_garage::firewall_rpc kosmos_garage::nginx_web kosmos-ejabberd::nginx - - kosmos-hubot::nginx_botka_irc-libera-chat - kosmos-hubot::nginx_hal8000_xmpp ) production_run_list = %w( @@ -42,6 +39,8 @@ production_run_list = %w( kosmos-akkounts::nginx kosmos-akkounts::nginx_api kosmos-bitcoin::nginx_lndhub + kosmos-hubot::nginx_botka_irc-libera-chat + kosmos-hubot::nginx_hal8000_xmpp kosmos-ipfs::nginx_public_gateway kosmos-mastodon::nginx remotestorage_discourse::nginx diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb index 4867b00..f3be70f 100644 --- a/site-cookbooks/kosmos-hubot/metadata.rb +++ b/site-cookbooks/kosmos-hubot/metadata.rb @@ -9,6 +9,7 @@ version '0.2.0' depends 'kosmos-base' depends 'kosmos-nodejs' depends 'kosmos-ipfs' +depends 'kosmos_openresty' depends 'firewall' depends 'git' depends 'redisio' diff --git a/site-cookbooks/kosmos-hubot/recipes/nginx_botka_irc-libera-chat.rb b/site-cookbooks/kosmos-hubot/recipes/nginx_botka_irc-libera-chat.rb index df0ba8f..62470a9 100644 --- a/site-cookbooks/kosmos-hubot/recipes/nginx_botka_irc-libera-chat.rb +++ b/site-cookbooks/kosmos-hubot/recipes/nginx_botka_irc-libera-chat.rb 
@@ -1,24 +1,17 @@ -include_recipe "kosmos-base::letsencrypt" -include_recipe "kosmos-nginx" - domain = "irc-libera-chat.botka.kosmos.chat" -nginx_certbot_site domain - upstream_host = search(:node, "role:hubot").first["knife_zero"]["host"] -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source 'nginx_conf_hubot.erb' - owner node["nginx"]["user"] - mode 0640 +tls_cert_for domain do + auth "gandi_dns" + action :create +end + +openresty_site domain do + template 'nginx_conf_hubot.erb' variables express_port: node['botka_irc-libera-chat']['http_port'], server_name: domain, ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", upstream_host: upstream_host - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site domain do - action :enable end diff --git a/site-cookbooks/kosmos-hubot/recipes/nginx_hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/nginx_hal8000_xmpp.rb index 75f9d12..f6bc2b3 100644 --- a/site-cookbooks/kosmos-hubot/recipes/nginx_hal8000_xmpp.rb +++ b/site-cookbooks/kosmos-hubot/recipes/nginx_hal8000_xmpp.rb 
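Review bot: The `ssl_cert` and `ssl_key` values passed to `openresty_site` are still hard-coded to `/etc/letsencrypt/live/#{domain}/...`, although the certificate is now issued by `tls_cert_for` rather than `nginx_certbot_site`. Nothing in this hunk shows that the new resource writes to that same directory; if it does not, the vhost would point at a missing or stale key pair. I would add a comment above `variables` such as `# tls_cert_for stores the cert under /etc/letsencrypt/live/<domain>/ (confirm)`, or take both paths from one shared helper. The same pattern appears in `nginx_hal8000_xmpp.rb`. The explicit `owner` and `mode 0640` of the old `template` resource are also gone, so the permissions of the rendered file now depend on `openresty_site` defaults that are not visible here.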
@@ -1,24 +1,18 @@ -include_recipe "kosmos-base::letsencrypt" -include_recipe "kosmos-nginx" - app_name = "hal8000_xmpp" - -nginx_certbot_site node[app_name]['domain'] +domain = node[app_name]['domain'] upstream_host = search(:node, "role:hubot").first["knife_zero"]["host"] -template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do - source 'nginx_conf_hubot.erb' - owner node["nginx"]["user"] - mode 0640 +tls_cert_for domain do + auth "gandi_dns" + action :create +end + +openresty_site domain do + template 'nginx_conf_hubot.erb' variables express_port: node[app_name]['http_port'], server_name: node[app_name]['domain'], ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem", upstream_host: upstream_host - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site node[app_name]['domain'] do - action :enable end diff --git a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb index 3c8c426..7cfcb87 100644 --- a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb +++ b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb @@ -6,7 +6,7 @@ upstream _express_<%= @server_name.gsub(".", "_") %> { } server { - listen 443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen [::]:443 ssl http2; server_name <%= @server_name %>;
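Review bot: The new `domain` local is used only as the name of the `tls_cert_for` and `openresty_site` resources, while the `variables` hash still reads `node[app_name]['domain']` three times. Using the local throughout keeps the certificate name, the server name and the key path tied to one value, as `nginx_botka_irc-libera-chat.rb` already does: `server_name: domain,`, `ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",`, `ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",`.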
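Review bot: Only the IPv4 `listen` directive honours `node['openresty']['listen_ip']`; the next line, `listen [::]:443 ssl http2;`, still binds the wildcard IPv6 address. If the attribute is meant to restrict which address serves this vhost, the site stays reachable over IPv6 on every interface of the proxy. Either give the IPv6 listener an equivalent per-address setting or state the intent in the template, for example `# IPv6 listener intentionally bound to all addresses`. The expression also assumes `node['openresty']` is always set, presumably by the `kosmos_openresty` attributes; if it can be nil the render fails. The `server` block continues outside the hunk.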