diff --git a/zato/actions/renew_crt b/zato/actions/renew_crt
new file mode 100755
index 0000000..6b7c6c2
--- /dev/null
+++ b/zato/actions/renew_crt
@@ -0,0 +1,11 @@
+#!/bin/bash
+# compose: no-hooks
+
+## Merged letsencrypt certificate for load_balancer in zato
+
+. $CHARM_PATH/lib/common
+
+DOMAIN=$(relation:get "$SERVICE_NAME":web-proxy domain)
+
+
+merge_crt_letsencrypt "$DOMAIN" || exit 1
diff --git a/zato/hooks/web_proxy-relation-joined b/zato/hooks/web_proxy-relation-joined
index 3b523ac..42f449a 100755
--- a/zato/hooks/web_proxy-relation-joined
+++ b/zato/hooks/web_proxy-relation-joined
@@ -1,14 +1,13 @@
 #!/bin/bash
+. lib/common
+
 DOMAIN=$(relation-get domain) || exit 1
-DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
 CUSTOM_CREATE_LB_PATH="/opt/zato/3.2.0/code/zato-cli/src/zato/cli/create_lb.py"
 set -e
-mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}"
-
-cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || exit 1
+merge_crt_letsencrypt "$DOMAIN"
 # adding custom config file to handle https in load_balancer with letsencrypt-fullchain certificate
@@ -20,4 +19,4 @@ services: - $DEST_LETSENCRYPT_FULLCHAIN:/opt/zato/letsencrypt-fullchain.pem "
-info "Configured $SERVICE_NAME load_balancer with HTTPS support."
\ No newline at end of file
+info "Configured $SERVICE_NAME load_balancer with HTTPS support."
diff --git a/zato/lib/common b/zato/lib/common
index 048b792..0e5d8f6 100644
--- a/zato/lib/common
+++ b/zato/lib/common
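Review bot: In `zato/actions/renew_crt` the `relation:get` result is not checked, unlike the hook, which uses `DOMAIN=$(relation-get domain) || exit 1`; a failed or empty lookup makes `merge_crt_letsencrypt` read from `live//`, and the resulting failure says nothing about the missing domain. I would write `DOMAIN=$(relation:get "$SERVICE_NAME":web-proxy domain) || exit 1` followed by `[ -n "$DOMAIN" ] || { echo "no web-proxy domain set" >&2; exit 1; }`, and quote the source path as `. "$CHARM_PATH/lib/common"`. Nothing in the visible lines makes the load balancer re-read the merged PEM after it is rewritten, so it is worth confirming that a renewed certificate is actually picked up without a restart.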
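Review bot: The hook in `zato/hooks/web_proxy-relation-joined` now receives `$DEST_LETSENCRYPT_FULLCHAIN` only as a side effect of `merge_crt_letsencrypt`, yet the volume line further down (`- $DEST_LETSENCRYPT_FULLCHAIN:/opt/zato/letsencrypt-fullchain.pem`) still depends on it. That coupling is invisible at the call site; a comment such as `# merge_crt_letsencrypt also sets DEST_LETSENCRYPT_FULLCHAIN, used in the compose snippet below` would keep a later `local` in the helper from silently producing an empty bind-mount source. `. lib/common` is also resolved against the current directory, whereas the new action sources `$CHARM_PATH/lib/common`; using one form in both places would be more consistent.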
@@ -37,3 +37,15 @@ exec_as_zato_in_container() {
 return 1
 fi
 }
+
+## merge certificate for zato HapProxy to handle https API calls
+merge_crt_letsencrypt(){
+ local DOMAIN="$1"
+
+ DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
+ mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}"
+ cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || return 1
+ info "Letsencrypt {fullchain,privkey}.pem have been concat to /opt/zato/letsencrypt-fullchain.pem for zato hapProxy conf"
+}
+
+
diff --git a/zato/metadata.yml b/zato/metadata.yml
index 53dde60..673e320 100644
--- a/zato/metadata.yml
+++ b/zato/metadata.yml
@@ -20,6 +20,13 @@ uses:
 auto: summon
 solves:
 database: "main storage"
+ schedule-command:
+ constraint: required
+ auto: pair
+ solves:
+ maintenance: "Auto renew crt for hapProxy in zato"
+ default-options: !var-expand
+ (35 3 * * 7) {-D -p 10} compose renew_crt "$BASE_SERVICE_NAME"
 backup:
 constraint: recommended
 auto: pair
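Review bot: `merge_crt_letsencrypt` writes the private key with a plain `cat … > "$DEST_LETSENCRYPT_FULLCHAIN"`, so the combined PEM gets whatever mode the caller's umask gives (commonly world-readable), and the redirection truncates the existing file before `cat` runs, leaving an empty or partial certificate in place when a source file is missing. `$DATASTORE` and `$DOMAIN` are also expanded unquoted, and `$DOMAIN` comes from relation data, so an empty value or one containing `/` or whitespace changes which paths are read. I would build the file with `mktemp` in the destination directory (created 0600) and then `mv` it over the target, with the source paths quoted and an empty domain rejected. If the load balancer process in the container runs as a different user, the file's owner would need adjusting rather than its mode widening, which cannot be judged from this hunk. `DEST_LETSENCRYPT_FULLCHAIN` is left global, which the hook appears to rely on, and the header comment should say so.

```shell
merge_crt_letsencrypt(){
    local DOMAIN="$1" live tmp

    # refuse an empty domain so we never read from live//
    [ -n "$DOMAIN" ] || return 1
    live="$DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN"
    # … unchanged: DEST_LETSENCRYPT_FULLCHAIN assignment and mkdir -p …
    # mktemp creates the file with mode 0600, so the key is never group/world readable
    tmp=$(mktemp "$DEST_LETSENCRYPT_FULLCHAIN.XXXXXX") || return 1
    if ! cat -- "$live/fullchain.pem" "$live/privkey.pem" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi
    # rename within the same directory: the old PEM stays intact until the new one is complete
    mv -f -- "$tmp" "$DEST_LETSENCRYPT_FULLCHAIN" || return 1
    # … unchanged: info message …
```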
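Review bot: `constraint: required` on `schedule-command` in `zato/metadata.yml` makes a scheduler mandatory for every zato deployment, while the job it installs only makes sense when a `web-proxy` relation with a domain exists; the neighbouring `backup` entry uses `constraint: recommended`, which may be the better fit here. The job re-merges whatever is under `live/` once a week (`35 3 * * 7`), so a certificate renewed just after a run can stay unmerged for up to seven days; confirm this leaves enough margin against the renewal window used by the letsencrypt service. A short comment above `default-options` explaining the schedule and the `{-D -p 10}` options would help, since their meaning is not evident from this file.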