diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 733a24d4..07697af8 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -307,6 +307,9 @@ function update_prosody_modules { } function upgrade_xmpp_server { + if [ -d /etc/letsencrypt ]; then + usermod -a -G ssl-cert prosody + fi function_check update_prosody_modules update_prosody_modules 
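Review bot: The `usermod -a -G ssl-cert prosody` call added to upgrade_xmpp_server runs only when `/etc/letsencrypt` exists, but xmpp_create_config in this same commit points the key at `/etc/ssl/private/` unconditionally. On a host without that directory, prosody would not join the group and may be unable to read its key after the restart. The identical block added in install_xmpp_main has the same gap. Consider dropping the guard in both places, or testing for the key file instead, e.g. `if [ -f "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" ]; then`. Membership of ssl-cert also lets prosody read every group-readable key in that directory, not only its own, so a comment such as `# prosody reads its key in place; ssl-cert membership exposes all group-readable keys in /etc/ssl/private` would record the trade-off.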
@@ -665,29 +668,29 @@ function xmpp_create_config { echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then - echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua + echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua else - echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua + echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua fi - echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua + echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua - echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua + echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua echo "}" >> /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua - echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua + echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then - echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua + echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua else - echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua + echo " 
certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua fi echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua - echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua + echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua echo '}' >> /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua @@ -977,6 +980,9 @@ function install_xmpp_main { chown -R prosody /usr/lib/prosody chmod -R 700 /etc/prosody/conf.d + if [ -d /etc/letsencrypt ]; then + usermod -a -G ssl-cert prosody + fi systemctl restart prosody if [[ $ONION_ONLY != 'no' ]]; then diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 3babfdc5..f1be9656 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
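Review bot: Both `if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` tests in xmpp_create_config still probe the old directory, while the paths they choose between now live under `/etc/ssl/certs/`. The update_default_domain hunk in this commit stops copying the domain files into `/etc/prosody/certs`, so on a fresh install the test would presumably fail and the `.crt` path be written even when a `.pem` exists. Change both tests to `if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then` so the check and the written path agree. The body of xmpp_create_config begins and ends outside this hunk.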
@@ -711,24 +711,13 @@ function update_default_domain { fi cp /etc/ssl/private/xmpp* /etc/prosody/certs - cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs cp /etc/ssl/certs/xmpp* /etc/prosody/certs - cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs - if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then - cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam - fi - fi - if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then - if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then - mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem - fi - else - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua fi chown -R prosody:default /etc/prosody chmod -R 700 /etc/prosody/certs/*
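Review bot: The new condition `if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]` has no file-test operator, so it only checks that the string is non-empty and is always true. The four `sed` rewrites therefore point prosody at `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key` and the `.pem` even when neither file exists, which would leave the server unable to load its TLS material on restart. Use `if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then`, quoting the expansion. update_default_domain begins outside this hunk.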