diff --git a/ansible/decommission/archive-instance-networks.yml b/ansible/decommission/archive-instance-networks.yml
deleted file mode 100644
index 9508d2a9..00000000
--- a/ansible/decommission/archive-instance-networks.yml
+++ /dev/null
@@ -1,85 +0,0 @@ -# Remove all instances from the networks in an idr-environment and reattach -# to an archive network to free up network/router quotas. -# Not production quality, use with care. -# -# Example: -# 1. Disable services: -# ansible-playbook maintenance/archive-instance-services.yml -e idr_environment=demo3 -# 2. Stop servers and move to archived network -# ansible-playbook maintenance/archive-instance-networks.yml idr_environment=demo3 -# -# WARNING: -# - This playbook is not idempotent with regards to instances and ports -# - This playbook requires Ansible 2.2+ -# - You should run archive-instance-servers.yml first, otherwise services -# such as OMERO will attempt to connect to an non-existent IP. If a server -# is inaccessible then shutdown these services as soon as possible after -# access is restored. -# - This playbook will first delete all ports on an instance, then add it to -# the archived network. Due to the way caching works if you run this on an -# instance that is already on the archive network it'll be disconnected, -# but won't be reconnected. You will have to re-run this playbook again. 
- -- hosts: localhost - - # TODO: idr.openstack_idr_network always connects an external network, but - # we only want an internal router - roles: - - role: idr.openstack_idr_network - idr_network_name: "{{ archive_network_name }}" - idr_network_subnet: "{{ archive_network_subnet }}" - idr_network_external_name: "{{ idr_network_route_external }}" - - tasks: - - - name: Stop servers - os_server_actions: - action: stop - server: "{{ item }}" - with_items: "{{ groups[ idr_environment + '-hosts'] | default([]) }}" - - - name: Get network ports - shell: openstack port list --server {{ item }} --format value | cut -d' ' -f1 - register: idr_vm_ports - check_mode: no - changed_when: False - with_items: "{{ groups[ idr_environment + '-hosts'] | default([]) }}" - - - name: Delete network ports - command: openstack port delete {{ item.stdout }} - when: "{{ item.stdout | length > 0 }}" - with_items: "{{ idr_vm_ports.results }}" - - - name: Attach instances to archive network - include_role: - name: idr.openstack_idr_instance_network - vars: - idr_instance_network_networks: - - "{{ archive_network_name }}" - idr_instance_networks_server_key: id - with_items: - - "{{ groups[ idr_environment + '-hosts'] | default([]) }}" - loop_control: - loop_var: idr_instance_network_server - - # If this fails you will need to delete it manually - - name: Delete router - os_router: - name: "{{ item }}-router" - state: absent - with_items: - - "{{ idr_environment }}" - ignore_errors: yes - - # If this fails you will need to delete it manually - - name: Delete network - os_network: - name: "{{ item }}" - state: absent - with_items: - - "{{ idr_environment }}" - ignore_errors: yes - - vars: - - archive_network_name: archived - - archive_network_subnet: "192.168.240.0/24" diff --git a/ansible/decommission/archive-instance-services.yml b/ansible/decommission/archive-instance-services.yml index 77394bca..198076f0 100644 --- a/ansible/decommission/archive-instance-services.yml 
+++ b/ansible/decommission/archive-instance-services.yml
@@ -1,6 +1,6 @@
 # Shutdown services on a production instance
-- hosts: "{{ idr_environment }}-hosts"
+- hosts: "{{ idr_environment | default('idr') }}-hosts"
 gather_facts: False
diff --git a/ansible/group_vars/proxy-hosts.yml b/ansible/group_vars/proxy-hosts.yml
index bab234c4..0ce7928a 100644
--- a/ansible/group_vars/proxy-hosts.yml
+++ b/ansible/group_vars/proxy-hosts.yml
@@ -266,8 +266,6 @@ nginx_proxy_direct_locations:
 redirect302: /about/curation-workflow.html
 - location: "^~ /connection"
 alias: /srv/www/connection
-- location: "^~ /.well-known/acme-challenge"
- alias: /srv/www/letsencrypt/challenge
 - location: "= /submitter-survey"
 redirect302: https://forms.gle/beR4vqLrgLgRzgSX9
 - location: "~ ^/mapr/api/(?!config).*($|/)"
diff --git a/ansible/idr-proxy-letsencrypt.yml b/ansible/idr-proxy-letsencrypt.yml
deleted file mode 100644
index 37103fbe..00000000
--- a/ansible/idr-proxy-letsencrypt.yml
+++ /dev/null
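Review bot: Defaulting `idr_environment` to `'idr'` on the `hosts:` line of archive-instance-services.yml means that running this shutdown play without `-e idr_environment=...` now targets the `idr-hosts` group instead of stopping on an undefined variable (unless the variable is also set in inventory), and the header comment above it identifies that target as a production instance. The expression matches the pattern used by other playbooks in the tree (the deleted idr-proxy-letsencrypt.yml used the same one), but for a destructive play an explicit target is the safer contract. If the intent is only a clearer failure, `- hosts: "{{ idr_environment | mandatory }}-hosts"` keeps the play from running until the variable is supplied; if the default is deliberate, a comment above the play such as `# NOTE: targets the production 'idr' environment when idr_environment is not set` should record that choice. The remainder of the play is outside the hunk.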
@@ -1,81 +0,0 @@ -# Install Lets Encrypt SSL certs - -- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" - - tasks: - - - name: letsencrypt ssl directory - become: yes - file: - path: /etc/letsencrypt/private - owner: root - group: root - mode: 0700 - recurse: yes - state: directory - - - name: letsencrypt http challenge directory - become: yes - file: - path: /srv/www/letsencrypt/challenge - recurse: yes - state: directory - serole: _default - setype: _default - seuser: _default - - - name: letsencrypt account key - become: yes - command: openssl genrsa -out /etc/letsencrypt/private/account.key 2048 - args: - creates: /etc/letsencrypt/private/account.key - - - name: letsencrypt csr - become: yes - command: > - openssl req -new -newkey rsa:2048 -nodes - -out /etc/letsencrypt/private/domain.csr - -keyout /etc/letsencrypt/private/domain.key - -subj "/C=GB/ST=/L=Dundee/O=University of Dundee/OU=Open Microscopy Environment/CN={{ idr_subdomain }}.openmicroscopy.org" - args: - creates: /etc/letsencrypt/private/domain.csr - - - name: letsencrypt get challenge - become: yes - letsencrypt: - account_key: /etc/letsencrypt/private/account.key - csr: /etc/letsencrypt/private/domain.csr - dest: /etc/letsencrypt/private/domain.crt - acme_directory: https://acme-v01.api.letsencrypt.org/directory - register: letsencrypt_challenge - - - name: letsencrypt answer challenge - become: yes - copy: - # Should always begin .well-known/acme-challenge/ - dest: /srv/www/letsencrypt/challenge/{{ letsencrypt_challenge.challenge_data[idr_subdomain + '.openmicroscopy.org']['http-01'].resource | basename }} - content: "{{ letsencrypt_challenge.challenge_data[idr_subdomain + '.openmicroscopy.org']['http-01'].resource_value }}" - when: 'letsencrypt_challenge | changed' - - - name: letsencrypt get certificate - become: yes - letsencrypt: - account_key: /etc/letsencrypt/private/account.key - csr: /etc/letsencrypt/private/domain.csr - dest: /etc/letsencrypt/private/domain.crt - 
acme_directory: https://acme-v01.api.letsencrypt.org/directory - data: "{{ letsencrypt_challenge }}" - - - name: letsencrypt get certificate chain - become: yes - get_url: - dest: /etc/letsencrypt/private/zzzz-letsencrypt-chain.crt - url: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt - - - name: letsencrypt create full certificate chain - become: yes - assemble: - src: /etc/letsencrypt/private - dest: /etc/letsencrypt/full-chain.crt - regexp: 'crt$' - mode: '0600'