diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 4e732278581603669c1ae2c8765235bf14bab2fa..0e44be9162020e6262fd881fffd94f81ffb5b961 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -39,11 +39,6 @@
   notify:
     - reload postfix
 
-- name: create dhparam 512
-  command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
-  notify:
-    - reload postfix
-
 - name: install postfix cert renewal hook
   template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
   when: postfix_smtpd_public
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index befc2aa4dde44e4195d54d85759ddad4f71b7ac8..4d6a6c119057f345aefdafd785aed5ba4a3c323b 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -20,7 +20,6 @@ smtpd_tls_key_file = /etc/letsencrypt/live/{{inventory_hostname}}/privkey.pem
 {% endif %}
 
 smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
-smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
 smtpd_tls_eecdh_grade = ultra
 tls_preempt_cipherlist = yes
 smtpd_tls_loglevel = 1