diff --git a/puppet/zulip_ops/manifests/apache.pp b/puppet/zulip_ops/manifests/apache.pp
index f7c54d0eae..74f7c0455f 100644
--- a/puppet/zulip_ops/manifests/apache.pp
+++ b/puppet/zulip_ops/manifests/apache.pp
@@ -45,11 +45,10 @@ class zulip_ops::apache {
   }
 
   file { "/etc/apache2/sites-available/":
-    recurse => true,
+    ensure => directory,
     require => Package[apache2],
     owner  => "root",
     group  => "root",
     mode => 640,
-    source => "puppet:///modules/zulip_ops/apache/sites/",
   }
 }
diff --git a/puppet/zulip_ops/manifests/nagios.pp b/puppet/zulip_ops/manifests/nagios.pp
index 591283028e..7a868b6abb 100644
--- a/puppet/zulip_ops/manifests/nagios.pp
+++ b/puppet/zulip_ops/manifests/nagios.pp
@@ -134,5 +134,14 @@ class zulip_ops::nagios {
     notify => Service["nagios3"],
   }
 
+  file { "/etc/apache2/sites-available/nagios.conf":
+    recurse => true,
+    purge => false,
+    require => Package[apache2],
+    owner  => "root",
+    group  => "root",
+    mode => 640,
+    content => template("zulip_ops/nagios_apache_site.conf.template.erb"),
+  }
   # TODO: Install our API
 }
diff --git a/puppet/zulip_ops/files/apache/sites/nagios.conf b/puppet/zulip_ops/templates/nagios_apache_site.conf.template.erb
similarity index 72%
rename from puppet/zulip_ops/files/apache/sites/nagios.conf
rename to puppet/zulip_ops/templates/nagios_apache_site.conf.template.erb
index 39ffeb4c62..5d8790da67 100644
--- a/puppet/zulip_ops/files/apache/sites/nagios.conf
+++ b/puppet/zulip_ops/templates/nagios_apache_site.conf.template.erb
@@ -1,17 +1,15 @@
 <VirtualHost *:80>
-    ServerName nagios.zulip.net
-    Redirect permanent / https://nagios.zulip.net/
+    ServerName nagios.<%= @hosts_domain %>
+    Redirect permanent / https://nagios.<%= @hosts_domain %>/
 </VirtualHost>
 
 <VirtualHost *:443>
-    ServerName nagios.zulip.net
+    ServerName nagios.<%= @hosts_domain %>
 
     SSLEngine on
-    SSLCertificateFile /etc/ssl/certs/nagios.zulip.net.crt
-    SSLCertificateKeyFile /etc/ssl/private/nagios.key
-
-    SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
-    SSLCACertificateFile /etc/ssl/certs/ca.pem
+    SSLCertificateFile /etc/letsencrypt/live/nagios.<%= @hosts_domain %>/cert.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/nagios.<%= @hosts_domain %>/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/nagios.<%= @hosts_domain %>/privkey.pem
 
     Header add Strict-Transport-Security "max-age=15768000"
     Header add X-Frame-Options DENY
@@ -25,7 +23,7 @@
     # Where the HTML pages live
     Alias /nagios3 /usr/share/nagios3/htdocs
 
-    RedirectMatch ^/?$ https://nagios.zulip.net/cgi-bin/nagios3/status.cgi?host=all
+    RedirectMatch ^/?$ https://nagios.<%= @hosts_domain %>/cgi-bin/nagios3/status.cgi?host=all
 
     <Location "/">
         AuthType Digest