diff --git a/dockerfiles/confd/confd/templates/haproxy.cfg.tmpl b/dockerfiles/confd/confd/templates/haproxy.cfg.tmpl
index bc316c94ebb1ac516a0bd9469c74337b11a38da9..24f28df9c86c92db4d36d6b6dff3f812c223d36b 100644
--- a/dockerfiles/confd/confd/templates/haproxy.cfg.tmpl
+++ b/dockerfiles/confd/confd/templates/haproxy.cfg.tmpl
@@ -27,6 +27,7 @@ mode http
   rspadd  Strict-Transport-Security:\ max-age=15768000
   reqadd X-Forwarded-Proto:\ https
   acl autoconfig hdr_beg(host) -i autoconfig
+  acl letsencrypt path_beg /.well-known/acme
 
 {{range $app := lsdir "/services"}}
 {{$hostnames := printf "/services/%s/*" $app}}
@@ -40,6 +41,7 @@ mode http
   {{end}}
 {{end}}
 
+  use_backend letsencrypt if letsencrypt !https_letsencrypt.indie.host
   use_backend autoconfig  if autoconfig
 
 frontend http-in
@@ -57,6 +59,11 @@ backend {{base $hostname}}
   server Server {{$data.ip}}:{{$data.port}} cookie Server
   {{end}}
 {{end}}
+
+backend letsencrypt
+  cookie SERVERID insert nocache indirect
+  server Server letsencrypt.indie.host:443 cookie Server ssl verify none
+
 backend autoconfig
   cookie SERVERID insert nocache indirect
   server Server mail.indie.host:443 cookie Server ssl verify none