diff --git a/tasks/install.yml b/tasks/install.yml
index 8ef1d96aef2bde325f474e67b4cc2ac9f25742c0..b71668d7577c503efcae30de174a533d0125115a 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -17,3 +17,19 @@
     pkg: 'certbot'
     state: 'present'
     update_cache: yes
+
+- name: "Ensure log directory"
+  file:
+    path: '/var/log/letsencrypt'
+    state: 'directory'
+    mode: '700'
+  tags: 'logrotate'
+
+- name: "Enable logrotate"
+  template:
+    src: 'logrotate'
+    dest: '/etc/logrotate.d/letsencrypt'
+    owner: 'root'
+    group: 'root'
+    mode: '644'
+  tags: 'logrotate'
diff --git a/templates/logrotate b/templates/logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..4cd1d86bf66c1b16fae5ded98e06eb96b6d36fa7
--- /dev/null
+++ b/templates/logrotate
@@ -0,0 +1,9 @@
+/var/log/letsencrypt/*.log {
+  daily
+  rotate 7
+  missingok
+  compress
+  delaycompress
+  notifempty
+  sharedscripts
+}