diff --git a/ansible/roles/k8s_lb/files/mastodon_public_certificate_not_sensitive.pem b/ansible/roles/k8s_lb/files/mastodon_public_certificate_not_sensitive.pem
new file mode 100644
index 0000000..19f85bc
--- /dev/null
+++ b/ansible/roles/k8s_lb/files/mastodon_public_certificate_not_sensitive.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIUcq7riJ6BLW0hszKyBdP6YZUVc9UwDQYJKoZIhvcNAQEL
+BQAwgZkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwI
+TmV3IFlvcmsxETAPBgNVBAoMCE5ZQyBNZXNoMQ8wDQYDVQQLDAZkYW5pZWwxHTAb
+BgNVBAMMFG1hc3RvZG9uLm55Y21lc2gubmV0MSEwHwYJKoZIhvcNAQkBFhJkYW5p
+ZWxAbnljbWVzaC5uZXQwHhcNMjUwMTA4MDUwOTI1WhcNMjYwMTA4MDUwOTI1WjCB
+mTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcg
+WW9yazERMA8GA1UECgwITllDIE1lc2gxDzANBgNVBAsMBmRhbmllbDEdMBsGA1UE
+AwwUbWFzdG9kb24ubnljbWVzaC5uZXQxITAfBgkqhkiG9w0BCQEWEmRhbmllbEBu
+eWNtZXNoLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMpWtHx
+SyuIUd8YsbAyQJl/hQEmQG7fWgnHBkePURft4nJpb6OyNzfuaYI99JSE4xN2vhbH
+VWal/ol9zqYQwzck35Q1IJ4ejsuu8EBCDw+OT4wjY2Be9HX7BmCoJlD8B06//x/t
+Nq5BEtwmra/shXvSF9iIHxmMzzZt/6vkRRmTpUG8HmPTRe5qwNL+8/abXYCACCpO
+c5TxK9P9U4fZGDoAFPmV6wOZ2ZTd39ALaq9T2GUOiIB7PLU/GG6kW1pB/vFAicjA
+/lZK2C/uK5JDbdw7G6bfWBkNcjjk6AgU0wgdwjf823fVZNF27jVwwmLJUdDg8AKy
+BTIlK7JM0dZq2bUCAwEAAaNTMFEwHQYDVR0OBBYEFKieCZYHv0NhD7jlRkdZCQ1K
+C61SMB8GA1UdIwQYMBaAFKieCZYHv0NhD7jlRkdZCQ1KC61SMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBABFypWpWWTeq4lNeGYdH1ixWQM4E7reT
+Lkh8+uWkmQaLZkzUQ125tgZ5rXhhxTQ34c7ieZ3B/2z6QYKab6eNABz5WHNVM9Ah
+OG/PiXqhi8aoPFTnUsYFLHZwLrVRjJMmM5ebULttvqO0kRLli0VhYMLjpktO9iYc
+af/pbSkhm+PMs6CdkHM1VQpCfszH4U7+ZrpVKRh2qZZNuYfhCKo9QXz0tb8OvSZ4
+dSMopHKILIu3vyQOKQPXg/8Odx5yzjNhrljaTeRDrJu2bVqlh0GjqkRwYQ5e7blw
+gd5hdzRkHD2j7CUhvA9exA8+BTLDwPRvu13hEtX39vPtOm60baMAR74=
+-----END CERTIFICATE-----
diff --git a/ansible/roles/k8s_lb/tasks/main.yaml b/ansible/roles/k8s_lb/tasks/main.yaml
index a25989f..5f763ea 100644
--- a/ansible/roles/k8s_lb/tasks/main.yaml
+++ b/ansible/roles/k8s_lb/tasks/main.yaml @@ -113,6 +113,20 @@ state: directory mode: "0755" +- name: Create external_ssl certs directory if it does not exist + ansible.builtin.file: + path: /etc/haproxy/external_ssl + state: directory + mode: '0755' + +- name: Copy mastodon PUBLIC cert + ansible.builtin.copy: + src: mastodon_public_certificate_not_sensitive.pem + dest: /etc/haproxy/external_ssl/mastodon.pem + owner: "root" + group: "root" + mode: "644" + - name: Check if file exists ansible.builtin.stat: path: "/etc/haproxy/ssl/lb.pem" diff --git a/ansible/roles/k8s_lb/templates/haproxy.cfg b/ansible/roles/k8s_lb/templates/haproxy.cfg index cd23d73..c43b0c8 100644 --- a/ansible/roles/k8s_lb/templates/haproxy.cfg +++ b/ansible/roles/k8s_lb/templates/haproxy.cfg @@ -102,7 +102,7 @@ backend be_grafana backend be_mastodon log global mode http - server srv_mastodon 10.70.187.12:80 + server srv_mastodon 10.70.187.12:443 ssl verify required ca-file /etc/haproxy/external_ssl/mastodon.pem backend be_gsg-displays log global
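Review bot: The new copy task writes `mode: "644"` while the directory task directly above it uses `'0755'`; Ansible accepts both because they are quoted, but `mode: "0644"` would keep the role consistent. The directory task also sets no `owner`/`group`, unlike the copy task, so ownership of `/etc/haproxy/external_ssl` depends on the connecting user; adding `owner: "root"` and `group: "root"` there makes it explicit. No `notify:` is visible on the copy task, so if the role has an HAProxy reload handler (not shown in this hunk) it is worth attaching, because a replaced `ca-file` is only picked up when HAProxy reloads its configuration.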
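Review bot: The `server srv_mastodon` line pins the backend to a single self-signed certificate whose validity, decoded from the PEM added in this same commit, ends on 2026-01-08; with `verify required`, handshakes to 10.70.187.12:443 will start failing after that date unless the pinned file is rotated first. A comment above the line would record this, e.g. `# ca-file is the backend's own self-signed cert (pinned); expires 2026-01-08, rotate before then`. The line sets neither `verifyhost` nor `sni`, so only the chain to the pinned certificate is checked and not the name; that is reasonable for a pin. The certificate is marked CA:TRUE, though, so any certificate signed by the backend's key would also be accepted here, which matters when deciding who may hold that key.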