diff --git a/roles/certificates/handlers/main.yml b/roles/certificates/handlers/main.yml
new file mode 100644
index 0000000..aebd07c
--- /dev/null
+++ b/roles/certificates/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# copyright Utrecht University
+
+- name: Restart Nginx webserver
+  ansible.builtin.service:
+    name: nginx
+    state: restarted
diff --git a/roles/certificates/tasks/main.yml b/roles/certificates/tasks/main.yml
index 0c0b2b6..4541886 100644
--- a/roles/certificates/tasks/main.yml
+++ b/roles/certificates/tasks/main.yml
@@ -23,6 +23,7 @@
     force: false
     state: present
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Upload private key of certificate
@@ -33,6 +34,7 @@
     group: root
     mode: '0600'
   when: cert_mode == "static"
+  notify: Restart Nginx webserver
 
 
 - name: Create file with certificate and chain
@@ -43,6 +45,7 @@
     group: root
     mode: "0644"
   when: cert_mode == "static"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure OpenSSL certificate signing request is present
@@ -68,6 +71,7 @@
     chdir: '{{ openssl_certs_dir }}'
     creates: '{{ openssl_crt_selfsigned }}'
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure signed private key is present
@@ -77,6 +81,7 @@
   args:
     creates: '{{ openssl_private_dir }}/{{ openssl_key_signed }}'
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure signed certificate is present
@@ -86,6 +91,7 @@
   args:
     creates: '{{ openssl_certs_dir }}/{{ openssl_crt_signed }}'
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Upload contents of certificate file
@@ -96,6 +102,7 @@
     group: root
     mode: "0644"
   when: cert_mode == "static"
+  notify: Restart Nginx webserver
 
 
 - name: Upload contents of chain file
@@ -106,6 +113,7 @@
     group: root
     mode: "0644"
   when: cert_mode == "static"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure CA chain is present
@@ -115,6 +123,7 @@
   args:
     creates: '{{ openssl_certs_dir }}/{{ openssl_chain }}'
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure CA chain with signed certificate is present
@@ -124,6 +133,7 @@
   args:
     creates: '{{ openssl_certs_dir }}/{{ openssl_crt_signed_and_chain }}'
   when: cert_mode == "selfsigned"
+  notify: Restart Nginx webserver
 
 
 - name: Ensure Diffie-Hellman parameters (2048 bits) are present