diff --git a/files/snster-kaz/hoster-a/kaz1/provision.sh b/files/snster-kaz/hoster-a/kaz1/provision.sh
index 1220759..b9b1534 100644
--- a/files/snster-kaz/hoster-a/kaz1/provision.sh
+++ b/files/snster-kaz/hoster-a/kaz1/provision.sh
@@ -55,14 +55,12 @@ echo "export SNSTERGUARD='true'" >> /root/.bashrc
 
 
 # On place les certifs
-# On place les certifs
-if  [ -f tls/root_ca.crt ]; then
-  cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
-  /usr/sbin/update-ca-certificates --fresh
-fi
-if  [ -d letsencrypt ]; then
-  cp -ar letsencrypt /etc/
-fi
+cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
+/usr/sbin/update-ca-certificates --fresh
+
+mkdir -p /etc/letsencrypt/live/kaz.sns
+cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
+cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
 
 # On sauve le proxy APT
 proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
diff --git a/files/vm-provision.sh b/files/vm-provision.sh
index 6fde8e4..ad1e8ed 100755
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@@ -159,10 +159,6 @@ EOF
 
     step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure
 
-   	mkdir -p /etc/letsencrypt/live/kaz.sns/
-    ln -sf /root/tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
-    ln -sf /root/tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
-
     # Cache docker registry
     echo "proxy:
   remoteurl: https://registry-1.docker.io
@@ -196,8 +192,8 @@ auth:
     cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
 
     # crypto keys
-    cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
-    cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+    cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
+    cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
     cp -ar /root/tls /root/snster-kaz/isp-a/home/
     cp -ar /root/tls /root/snster-kaz/mica/infra/
 
diff --git a/files/vm-upgrade.sh b/files/vm-upgrade.sh
index 45fc7b2..5e5d4ab 100755
--- a/files/vm-upgrade.sh
+++ b/files/vm-upgrade.sh
@@ -26,8 +26,8 @@ git switch "${KAZBRANCH}"
 # On écrase les anciens fichiers
 cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
 # crypto keys
-cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
-cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
+cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
 cp -ar /root/tls /root/snster-kaz/isp-a/home/
 cp -ar /root/tls /root/snster-kaz/mica/infra/