diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 639ab91fb5e06ce50e806e15116536057a8414c3..efbf9e761808b4e247ee62f86bab3c46cfc7ca86 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -64,7 +64,7 @@ frontend http_in
 {% endfor %}
   http-request set-header x-routing-host undefined
   acl letsencrypt_challenge path_beg /.well-known/acme-challenge/
-{% for host in groups['all'] %}
+{% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
 {% for path in redirect.paths|default([]) %}
@@ -79,7 +79,7 @@ frontend http_in
 {% endfor %}
 {% endfor %}
 {% endfor %}
-{% for host in groups['all'] %}
+{% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
 {% for path in redirect.paths|default([]) %}
@@ -106,12 +106,12 @@ frontend http_in
 {% endfor %}
 {% endif %}
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
   http-request set-header x-routing-host {{ host }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
 {% endif %}
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
 {% for path in hostvars[host].routing.paths|default([]) %}
   http-request set-header x-routing-host {{ host }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path_beg {{ path }} }
@@ -126,7 +126,7 @@ frontend http_in
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_redirect_ssl if kibana_present
 {% endif %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   acl redirect_ssl_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_redirect_ssl if redirect_ssl_{{host}}
 {% endfor %}
@@ -141,11 +141,11 @@ frontend http_in
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   use_backend backend_{{ host }}_bigpipe if domain_uses_bigpipe { hdr(x-routing-host) {{ host }} }
   use_backend backend_{{ host }} if { hdr(x-routing-host) {{ host }} }
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   acl domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
   use_backend backend_{{host}}_bigpipe if domain_uses_bigpipe domain_in_{{host}}
   use_backend backend_{{host}} if domain_in_{{host}}
@@ -173,7 +173,7 @@ frontend https_in_{{ cert.ip }}
   http-request deny if { {{ rule }} }
 {% endfor %}
   http-request set-header x-routing-host undefined
-{% for host in groups['all'] %}
+{% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
 {% for path in redirect.paths|default([]) %}
@@ -188,7 +188,7 @@ frontend https_in_{{ cert.ip }}
 {% endfor %}
 {% endfor %}
 {% endfor %}
-{% for host in groups['all'] %}
+{% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
 {% for path in redirect.paths|default([]) %}
@@ -215,12 +215,12 @@ frontend https_in_{{ cert.ip }}
 {% endfor %}
 {% endif %}
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
   http-request set-header x-routing-host {{ host }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
 {% endif %}
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
 {% for path in hostvars[host].routing.paths|default([]) %}
   http-request set-header x-routing-host {{ host }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path_beg {{ path }} }
@@ -238,7 +238,7 @@ frontend https_in_{{ cert.ip }}
   acl is_{{ external.key }} {{ external.acl }}
   use_backend backend_{{ external.key }} if is_{{ external.key }}
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   acl crm_redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
   use_backend backend_redirect if crm_redirect_{{host}}
 {% endfor %}
@@ -249,11 +249,11 @@ frontend https_in_{{ cert.ip }}
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   use_backend backend_{{ host }}_https_bigpipe if domain_uses_bigpipe { hdr(x-routing-host) {{ host }} }
   use_backend backend_{{ host }}_https if { hdr(x-routing-host) {{ host }} }
 {% endfor %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
   acl ssl_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_{{host}}_https_bigpipe if domain_uses_bigpipe ssl_domain_in_{{host}}
   use_backend backend_{{host}}_https if ssl_domain_in_{{host}}
@@ -280,7 +280,7 @@ backend backend_{{ external.key }}
 backend backend_{{ proxy_default_backend }}
   http-response deny
 {% endif %}
-{% for host in groups['webserver'] %}
+{% for host in groups['webserver']|sort %}
 
 backend backend_{{host}}
 {% if host == inventory_hostname or host == 'localhost' %}