diff --git a/README.md b/README.md
index 89e2d0a..ab99512 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,11 @@ To use it, do this:
   * requests new certificate for FreeIPA web interface
 * run renew-le.sh script once a day: it will renew the cert as necessary
 
+## Service files
+* instead of anywhere, clone/unpack all the scripts into `/usr/local/sbin/ipa-certbot/` instead.
+* copy `freeipa-certbot.service` and `freeipa-certbot.timer` into `/etc/systemd/system/`
+* run `systemctl daemon-reload; systemctl enable freeipa-certbot.service; systemctl enable freeipa-certbot.timer --now`
+
 
 If you have any problem, feel free to contact FreeIPA team:
 http://www.freeipa.org/page/Contribute#Communication
diff --git a/freeipa-certbot.service b/freeipa-certbot.service
new file mode 100644
index 0000000..4c4ee69
--- /dev/null
+++ b/freeipa-certbot.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Renew certbot IPA certificate
+Wants=freeipa-certbot.timer
+
+[Service]
+User=root
+Type=oneshot
+ExecStart=/usr/local/sbin/ipa-certbot/renew-le.sh
+SuccessExitStatus=0, 1
+
+
+[Install]
+WantedBy=multi-user.target
diff --git a/freeipa-certbot.timer b/freeipa-certbot.timer
new file mode 100644
index 0000000..516f47d
--- /dev/null
+++ b/freeipa-certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Timer for certbot IPA certificate renewal
+Requires=freeipa-certbot.service
+
+[Timer]
+Unit=freeipa-certbot.service
+OnCalendar=*-*-* 08:34
+
+[Install]
+WantedBy=timers.target