diff --git a/defaults/main.yml b/defaults/main.yml
index 596b026..4cf9456 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -57,6 +57,11 @@ haproxy_service_configs: []
 #         white_list:
 #           rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
 #           backend_name: "mybackend"
+#      haproxy_frontend_acls:
+#          letsencrypt-acl:
+#            rule: "path_beg /.well-known/acme-challenge/"
+#            backend_name: letsencrypt
+
 galera_monitoring_user: monitoring
 haproxy_bind_on_non_local: False
 
diff --git a/templates/service.j2 b/templates/service.j2
index cc210ad..602634c 100644
--- a/templates/service.j2
+++ b/templates/service.j2
@@ -36,7 +36,11 @@
 frontend {{ item.service.haproxy_service_name }}-redirect-front-{{ loop.index }}
 bind {{ vip_bind }}:{{ item.service.haproxy_redirect_http_port }}
     mode http
-    redirect scheme https if !{ ssl_fc }
+    redirect scheme {{ item.service.haproxy_redirect_scheme  | default('https if !{ ssl_fc }') }}
+{%   for key, value in item.service.haproxy_frontend_acls.items() %}
+    acl {{ key }} {{ value.rule }}
+    use_backend {{ value.backend_name | default(item.service.haproxy_service_name) }}-back if {{ key }}
+{%   endfor %}
 {% endif %}
 {% endif %}