diff --git a/defaults/main/proxy_site_defs.yml b/defaults/main/proxy_site_defs.yml
index 07a5232..85762a4 100644
--- a/defaults/main/proxy_site_defs.yml
+++ b/defaults/main/proxy_site_defs.yml
@@ -33,11 +33,15 @@
     - "54.94.142.218"
 
 
-  proxy_site_ssl_directory       : /etc/nginx/ssl
-  proxy_site_ssl_certificate     : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain12.pem"
-  proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey12.pem"
-  proxy_site_ssl_protocols       : TLSv1.2
-  proxy_site_ssl_ciphers         : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
+  proxy_site_ssl_directory           : /etc/nginx/ssl
+  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain13.pem"
+  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey13.pem"
+  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain3.pem"
+  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey3.pem"
+  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain12.pem"
+  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey12.pem"
+  proxy_site_ssl_protocols           : TLSv1.2
+  proxy_site_ssl_ciphers             : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
 
 
   # many websites are run from an apache host
diff --git a/defaults/main/proxy_sites.yml b/defaults/main/proxy_sites.yml
index 7cb88e0..214837d 100644
--- a/defaults/main/proxy_sites.yml
+++ b/defaults/main/proxy_sites.yml
@@ -196,8 +196,17 @@ proxy_sites:
     proto      : http
     dest       : "{{ proxy_default_host }}"
     port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain2.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey2.pem"
+    ssl_cert   : "{{ proxy_site_ssl_certificate_ch }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_ch }}"
+    max_upload : "{{ proxy_default_max_upload }}"
+
+
+  chris-hammer.com:
+    proto      : http
+    dest       : "{{ proxy_default_host }}"
+    port       : 80
+    ssl_cert   : "{{ proxy_site_ssl_certificate_ch }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_ch }}"
     max_upload : "{{ proxy_default_max_upload }}"
 
 
@@ -206,15 +215,9 @@ proxy_sites:
     proto      : http
     dest       : "{{ proxy_default_host }}"
     port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain11.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey11.pem"
+    ssl_cert   : "{{ proxy_site_ssl_certificate_cht }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_cht }}"
     max_upload : "{{ proxy_default_max_upload }}"
 
 
-  chris-hammer.com:
-    proto      : http
-    dest       : "{{ proxy_default_host }}"
-    port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain2.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey2.pem"
-    max_upload : "{{ proxy_default_max_upload }}"
+...