diff --git a/Dockerfile b/Dockerfile
index 6c13357..6ecfcd4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
-FROM registry.gitlab.com/thallian/docker-confd-env:master
+FROM registry.gitlab.com/thallian/docker-confd-env:lego
+
+ENV CERT_HOME /var/lib/murmur
+ENV CERT_USER murmur
 
 RUN apk add --no-cache murmur icu-libs
 
diff --git a/README.md b/README.md
index 2f91ea7..9f20163 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
-Murmur server for [Mumble](https://wiki.mumble.info/wiki/Main_Page).
+Murmur server for [Mumble](https://wiki.mumble.info/wiki/Main_Page) which provisions
+tls certificates through [Let's Encrypt](https://letsencrypt.org/) with
+[lego](https://github.com/xenolf/lego).
+
+Take a look at the [base image](https://gitlab.com/thallian/docker-confd-env/tree/lego)
+for the certificate configuration.
 
 # Volumes
 - `/var/lib/murmur`
diff --git a/rootfs/bin/restart-services b/rootfs/bin/restart-services
new file mode 100755
index 0000000..df6ae74
--- /dev/null
+++ b/rootfs/bin/restart-services
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+s6-svc -t /var/run/s6/services/murmur
diff --git a/rootfs/etc/confd/templates/murmur.ini.tmpl b/rootfs/etc/confd/templates/murmur.ini.tmpl
index 58174dd..955cb4a 100644
--- a/rootfs/etc/confd/templates/murmur.ini.tmpl
+++ b/rootfs/etc/confd/templates/murmur.ini.tmpl
@@ -157,8 +157,8 @@ users={{getenv "MAX_USERS" "20"}}
 
 # If you have a proper SSL certificate, you can provide the filenames here.
 # Otherwise, Murmur will create it's own certificate automatically.
-sslCert=/etc/ssl/murmur/{{getenv "CERT_NAME" "fullchain.pem"}}
-sslKey=/etc/ssl/murmur/{{getenv "KEY_NAME" "privkey.pem"}}
+sslCert={{getenv "CERT_HOME"}}/.lego/certificates/{{getenv "CERT_DOMAIN"}}.crt
+sslKey={{getenv "CERT_HOME"}}/.lego/certificates/{{getenv "CERT_DOMAIN"}}.key
 
 # The sslCiphers option chooses the cipher suites to make available for use
 # in SSL/TLS. This option is server-wide, and cannot be set on a