diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml
index b20141e2e77fc331af3243d1f8d3b9f60c2d8e39..d2b9a617373b7e7289079bf2e7b2cc4ff0b57357 100644
--- a/roles/web_server/tasks/main.yml
+++ b/roles/web_server/tasks/main.yml
@@ -26,8 +26,8 @@
     - Restart nginx
 
 - name: Harden TLS by allowing only TLSv1.2 and PFS ciphers
-  copy: dest="/etc/nginx/conf.d/tls.conf" src="tls.conf"
-        owner="root" group="root" mode=644
+  template: dest="/etc/nginx/conf.d/tls.conf" src="tls.conf.j2"
+            owner="root" group="root" mode=644
   notify:
     - Restart nginx