diff --git a/roles/ejabberd.rb b/roles/ejabberd.rb
index 2ada5cb..a2d802b 100644
--- a/roles/ejabberd.rb
+++ b/roles/ejabberd.rb
@@ -7,8 +7,8 @@ default_run_list = %w(
 
 production_run_list = %w(
   role[postgresql_client]
-  kosmos-ejabberd::default
   kosmos-ejabberd::letsencrypt
+  kosmos-ejabberd::default
 )
 env_run_lists(
   'development' => default_run_list,
diff --git a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
index d047bba..ce65d33 100644
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@@ -52,6 +52,7 @@ end
   end
 end
 
+# TODO check if nginx is installed/running on the node
 file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
   content <<-EOF
 #!/usr/bin/env bash
diff --git a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
index 77fe955..4d57a23 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
@@ -1,11 +1,7 @@
 # Generated by Chef for <%= @host[:name] %>
-# FIXME: The files only exist after the certbot hook created them, meaning
-# we need to run Chef a second time
-<% if File.exist?("/opt/ejabberd/conf/#{@host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{@host[:name]}.key") -%>
 certfiles:
   - "/opt/ejabberd/conf/<%= @host[:name] %>.crt"
   - "/opt/ejabberd/conf/<%= @host[:name] %>.key"
-<% end -%>
 host_config:
   "<%= @host[:name] %>":
     sql_type: pgsql