diff --git a/tasks/main.yml b/tasks/main.yml
index b9eb34e..b77bc96 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -17,6 +17,10 @@
   - name: install blackbox exporter
     apt:
       pkg: prometheus-blackbox-exporter
+  - name: handle cap cap_net_raw, needed for icmp
+    community.general.capabilities:
+      path: /usr/bin/prometheus-blackbox-exporter
+      capability: cap_net_raw+ep
   - name: wrtie blackbox exporter service config
     notify: restart blackbox exporter
     template:
diff --git a/templates/stunnel-client.conf.j2 b/templates/stunnel-client.conf.j2
index 136d397..ad40776 100644
--- a/templates/stunnel-client.conf.j2
+++ b/templates/stunnel-client.conf.j2
@@ -2,9 +2,9 @@
 sslVersion = TLSv1.2
 {% else %}
 sslVersionMin = TLSv1.2
-{% endif %}
 options = SINGLE_ECDH_USE
 options = SINGLE_DH_USE
+{% endif %}
 
 setuid = stunnel4
 setgid = stunnel4