diff --git a/roles/irc/tasks/main.yml b/roles/irc/tasks/main.yml
index 0c55ef41923a11607e2b618ddb6061ad4a4c3842..c3ccfbd2525618e8e2a891c4f3c576a60254b9d2 100644
--- a/roles/irc/tasks/main.yml
+++ b/roles/irc/tasks/main.yml
@@ -31,6 +31,11 @@
     - motd.txt
     - rules.txt
 
+- name: Generate dhparams
+  command: openssh dhparams -out /etc/inspircd/dhparams 2048
+  args:
+    creates: /etc/inspircd/dhparams
+
 # Install anope configuration.
 
 - file:
diff --git a/roles/irc/templates/inspircd/modules.conf b/roles/irc/templates/inspircd/modules.conf
index 296956bb2d95133326304aab1ebe5b72face88a1..028ce1117e53be4a9373b88bf3ce41212c2e4ee1 100644
--- a/roles/irc/templates/inspircd/modules.conf
+++ b/roles/irc/templates/inspircd/modules.conf
@@ -49,17 +49,18 @@
 <module name="m_passforward.so">
 <passforward nick="NickServ"
              forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired"
-	     cmd="PRIVMSG $nickrequired :IDENTIFY $pass">
+             cmd="PRIVMSG $nickrequired :IDENTIFY $pass">
 <module name="m_password_hash.so">
 <module name="m_regex_pcre2.so">
 <module name="m_sasl.so">
 <module name="m_services_account.so">
 <module name="m_sethost.so">
 <module name="m_sslmodes.so">
+<module name="m_sslrehashsignal.so">
 
 # TLS configuration
 <module name="m_ssl_gnutls.so">
-<gnutls certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
+<sslprofile certfile="/etc/credentials/public/irc.autistici.org/fullchain.pem"
         keyfile="/etc/credentials/public/irc.autistici.org/privkey.pem"
         hash="sha1" priority="NORMAL:-MD5"
         dhfile="/etc/inspircd/dhparams"