diff --git a/contrib/systemd/certbot.service b/contrib/systemd/certbot.service
new file mode 100644
index 0000000..26d3bfa
--- /dev/null
+++ b/contrib/systemd/certbot.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Certbot certificate renew trigger
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Environment="VOLUME_ROOT=/home/admin/mattermost-docker"
+Type=oneshot
+ExecStart=/usr/bin/docker run --rm --name certbot --network mattermost \
+                              -v '${VOLUME_ROOT}/certs/etc/letsencrypt:/etc/letsencrypt' \
+                              -v '${VOLUME_ROOT}/certs/var/lib/letsencrypt:/var/lib/letsencrypt' \
+                              -v shared-webroot:/webroot \
+                              certbot/certbot renew --webroot-path /webroot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/systemd/certbot.timer b/contrib/systemd/certbot.timer
new file mode 100644
index 0000000..290c8dd
--- /dev/null
+++ b/contrib/systemd/certbot.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Certbot certificate renew trigger
+
+[Timer]
+Persistent=true
+OnCalendar=*-*-* 4:00:00
+
+[Install]
+WantedBy=timers.target
diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml
index 1570166..2f9029c 100644
--- a/docker-compose.nginx.yml
+++ b/docker-compose.nginx.yml
@@ -10,9 +10,19 @@ services:
       - ${NGINX_DHPARAMS_FILE}:/dhparams4096.pem
       - ${CERT_PATH}:/cert.pem:ro
       - ${KEY_PATH}:/key.pem:ro
+      - shared-webroot:/usr/share/nginx/html
     environment:
       # timezone inside container
       - TZ
     ports:
       - ${HTTPS_PORT}:443
       - ${HTTP_PORT}:80
+
+# Shared volume for Let's Encrypt certificate renewal with a webroot
+volumes:
+  shared-webroot:
+
+# This network name is being used for Let's Encrypt certificate renewal
+networks:
+  default:
+    name: mattermost