diff --git a/tasks/main.yml b/tasks/main.yml
index 417cfe0..1e0cb9b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,14 +7,21 @@
     state: present
   loop: "{{ cockpit_packages }}"
 
-- name: disable cockpit internal TLS
+- name: disable cockpit selfsigned TLS
   ini_file:
-    dest: "/usr/lib/systemd/system/cockpit.service"
-    section: "Service"
-    option: "ExecStart"
-    value: "/usr/libexec/cockpit-ws --no-tls"
+    dest: "/etc/cockpit/cockpit.conf"
+    section: "WebService"
+    option: "AllowUnencrypted"
+    value: "true"
+  register: systemd
+
+- name: add cockpit origin
+  ini_file:
+    dest: "/etc/cockpit/cockpit.conf"
+    section: "WebService"
+    option: "Origins"
+    value: "https://{{ ansible_hostname }}.cockpit.troubles.io"
   register: systemd
-  when: cockpit_disable_tls
 
 - name: change default listen port
   blockinfile: