diff --git a/ansible/group_vars/all/websites.yml b/ansible/group_vars/all/websites.yml
index 3213c718..b6c47534 100644
--- a/ansible/group_vars/all/websites.yml
+++ b/ansible/group_vars/all/websites.yml
@@ -169,14 +169,7 @@ websites:
     alternative_names: []
     custom_config: true
     state: "present"
-
-  - name: "photos.{{ canonical_hostname }}"
-    user: "pxl"
-    alternative_names:
-      - "fotos.{{ canonical_hostname }}"
-    authenticated: true
-    state: "present"
-
+    
   - name: "execut-speakers.{{ canonical_hostname }}"
     user: "symposium"
     alternative_names: []
diff --git a/ansible/roles/chroma/templates/chroma.conf.j2 b/ansible/roles/chroma/templates/chroma.conf.j2
index fa5a6d2c..1cb5d4ec 100644
--- a/ansible/roles/chroma/templates/chroma.conf.j2
+++ b/ansible/roles/chroma/templates/chroma.conf.j2
@@ -1,5 +1,20 @@
 # {{ ansible_managed }}
 
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name photos.{{ canonical_hostname }};
+
+  ssl_certificate /etc/letsencrypt/live/photos.{{ canonical_hostname }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/photos.{{ canonical_hostname }}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/photos.{{ canonical_hostname }}/chain.pem;
+
+  include includes/security-headers.conf;
+
+  return 301 https://chroma.{{ canonical_hostname }}$request_uri;
+}
+
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;