diff --git a/config/roles/menshen-frontend/tasks/main.yml b/config/roles/menshen-frontend/tasks/main.yml
index 8b4be8387ee117c54214875db31f80b26774d3c2..057e617ccdf9e05dc869fb8a5f7d057ecdb40a89 100644
--- a/config/roles/menshen-frontend/tasks/main.yml
+++ b/config/roles/menshen-frontend/tasks/main.yml
@@ -7,6 +7,24 @@
     replace: ""
   register: replace_result
 
+##-> to support vpnweb deprecation for older deployments
+- name: Delete nginx vpnweb.conf if it exists
+  file:
+    path: "/etc/nginx/sites-enabled/vpnweb.conf"
+    state: absent
+
+- name: Check if file exists
+  stat:
+    path: "/etc/nginx/sites-available/vpnweb.conf"
+  register: vpnweb_conf_file
+
+- name: Rename deprecated vpnweb config
+  file:
+    src: "/etc/nginx/sites-available/vpnweb.conf"
+    dest: "/etc/nginx/sites-available/.deprecated-vpnweb.conf"
+  when: vpnweb_conf_file.stat.exists
+##<- to support vpnweb deprecation for older deployments
+
 #- name: Show test results
 #  debug: var=replace_result
 
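Review bot: The `Rename deprecated vpnweb config` task will not rename anything, because Ansible's `file` module has no move operation: `dest` is only an alias for `path`, and with no `state` given the module falls back to `state: file`, which as far as I know errors out when the target does not exist. On an upgraded host where `sites-available/vpnweb.conf` is present, the play would therefore likely stop at this task. A `command` task does the job and makes the preceding `stat` unnecessary: `command: mv /etc/nginx/sites-available/vpnweb.conf /etc/nginx/sites-available/.deprecated-vpnweb.conf` with `args:` / `removes: /etc/nginx/sites-available/vpnweb.conf`. Separately, the task that deletes `sites-enabled/vpnweb.conf` carries no `notify`, so unless nginx is reloaded elsewhere in this role the deprecated vhost stays served until the next reload.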
diff --git a/config/roles/menshen/tasks/credentials.yml b/config/roles/menshen/tasks/credentials.yml
index 1b7c146a80e7252f2d1b62184f5aa3c6deabfa37..3e2492fdeef904ceb7a6adb4b1b89a5976ceb8ac 100644
--- a/config/roles/menshen/tasks/credentials.yml
+++ b/config/roles/menshen/tasks/credentials.yml
@@ -15,6 +15,15 @@
     owner: docker-menshen
     mode: 0750
 
+# required since upgrades from older deployments have vpenweb as owner
+- name: Make sure the directories have correct permission
+  file:
+    path: /etc/leap
+    state: directory
+    group: docker-menshen
+    owner: docker-menshen
+    mode: 0750
+
 - name: Install menshen client_ca key
   copy:
     src: "{{ credentials_dir }}/common/client_ca.key"
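Review bot: The added task resets ownership on `/etc/leap` itself only; there is no `recurse`, so files or subdirectories that an older deployment left owned by the vpnweb account keep that owner. The commit also deletes the vpnweb role without removing the `docker-vpnweb` account on upgraded hosts, and the deleted role had appended that account to group `docker-menshen`, so it presumably still has group access to this 0750 directory and the CA key installed below it. A cleanup task using the `user` module with `name: docker-vpnweb` and `state: absent` (or at least dropping the group membership) would close that gap. Minor: the comment should read `vpnweb`, not `vpenweb`, and `mode: "0750"` quoted avoids depending on YAML octal parsing.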
diff --git a/config/roles/menshen/tasks/main.yml b/config/roles/menshen/tasks/main.yml
index 8e535d86954c431ad5be890c9d6507b68b177ab5..7780df4ef1b23c9352d647fa3cd45cb763d2efd9 100644
--- a/config/roles/menshen/tasks/main.yml
+++ b/config/roles/menshen/tasks/main.yml
@@ -1,6 +1,12 @@
 ---
 - import_tasks: "credentials.yml"
 
+# to support vpnweb deprecation duirng upgrades from older deployments
+- name: Delete vpnweb config folder
+  file:
+    path: "/etc/leap/vpnweb"
+    state: absent
+
 # need to install the api dirs
 - name: "Create API versioned directories"
   file:
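Review bot: The cleanup task removes `/etc/leap/vpnweb`, but the provider role changed in this same commit stops writing to `/etc/leap/config/vpnweb`, and nothing visible here deletes that directory. On upgraded hosts the old `/etc/leap/config/vpnweb/provider.json` would then remain as a stale copy next to the new `/etc/leap/config/provider.json`. If that is not intended, add a second `file` task with `path: "/etc/leap/config/vpnweb"` and `state: absent`. The comment above the task has a typo: `duirng` should be `during`.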
diff --git a/config/roles/provider/tasks/main.yml b/config/roles/provider/tasks/main.yml
index 7c6611e8c8ca30e3cdfbc50bef7143f41732f8fe..89152378f6ec28081586cb61357953c6ee582d8b 100644
--- a/config/roles/provider/tasks/main.yml
+++ b/config/roles/provider/tasks/main.yml
@@ -1,13 +1,13 @@
 # install the provider.json
 - name: "Create directory for provider.json to live"
   file:
-    path: "/etc/leap/config/vpnweb"
+    path: "/etc/leap/config"
     state: directory
 
 - name: "Render the provider.json template"
   template:
     src: 'provider-config.json.j2'
-    dest: '/etc/leap/config/vpnweb/provider.json'
+    dest: '/etc/leap/config/provider.json'
 
 # Make sure the endpoint CA is available at {{ provider_domain }}/ca.crt
 # eg. https://black.riseup.net/ca.crt
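Review bot: Neither the directory task nor the `template` task sets `owner`, `group` or `mode`, so `/etc/leap/config` and `provider.json` end up with whatever root's umask produces on the target. The menshen role sets `/etc/leap` to `docker-menshen` with 0750, and site.yml now runs this role on the menshen hosts, so stating the intended permissions makes the result predictable. For example, add `mode: "0755"` to the directory task and `mode: "0644"` to the template task, together with the owner and group that the consuming service needs; which account reads the file is not visible in this hunk.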
diff --git a/config/roles/vpnweb/handlers/main.yml b/config/roles/vpnweb/handlers/main.yml
deleted file mode 100644
index 9eee21f23e42a61b673b52c582c83e4012345eb5..0000000000000000000000000000000000000000
--- a/config/roles/vpnweb/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: reload firewall
-  systemd:
-    name: firewall.service
-    state: restarted
-
-- listen: "restart docker-vpnweb-vpnweb"
-  systemd:
-    name: "docker-vpnweb-vpnweb.service"
-    state: restarted
diff --git a/config/roles/vpnweb/meta/main.yml b/config/roles/vpnweb/meta/main.yml
deleted file mode 100644
index a55feb4a677796bad18399a96124edd34c7ca4da..0000000000000000000000000000000000000000
--- a/config/roles/vpnweb/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
-  - { role: simplevpn }
diff --git a/config/roles/vpnweb/tasks/credentials.yml b/config/roles/vpnweb/tasks/credentials.yml
deleted file mode 100644
index 8d061b8151eb5d0b7245ec9c62885663820f7935..0000000000000000000000000000000000000000
--- a/config/roles/vpnweb/tasks/credentials.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: add docker-vpnweb user to group docker-menshen
-  user:
-    name: docker-vpnweb
-    groups: docker-menshen
-    append: yes
-  notify:
-    - "restart docker-menshen-menshen"
diff --git a/config/roles/vpnweb/tasks/main.yml b/config/roles/vpnweb/tasks/main.yml
deleted file mode 100644
index 23224fe9fe6d34c293e2511edeefb51f96fd4249..0000000000000000000000000000000000000000
--- a/config/roles/vpnweb/tasks/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- import_tasks: "credentials.yml"
diff --git a/site.yml b/site.yml
index 48c0ded9237cb5b8c2d62794e0bfcf132f4e553f..f1c4c85ccd128f6697706474b5f1dff11b743c38 100644
--- a/site.yml
+++ b/site.yml
@@ -12,6 +12,7 @@
 
 - hosts: menshen 
   roles:
+    - provider
     - leap-prometheus
     - menshen