diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
index 5934edd6d17d593e3a2ad89a2a8a60beb958559b..9714e5564a4d92ef8a19440db3bd135fc984bd16 100644
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -17,6 +17,7 @@
       protocol: tcp
       jump: ACCEPT
       state: present
+    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 
   - name: Install New Cert via webroot
     shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
@@ -36,6 +37,7 @@
       protocol: tcp
       jump: ACCEPT
       state: absent
+    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 
   - include_tasks: cert_deploy.yml
 
diff --git a/tasks/renew.yml b/tasks/renew.yml
index 8c10d915b4cc2fb57db7a91b3235aa8e926f9002..a91b0b9f3975fb0021cc6f699d6d311c21dfc55c 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -19,6 +19,7 @@
     protocol: tcp
     jump: ACCEPT
     state: present
+  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 
 - name: Renew Existing Certs via webroot
   shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
@@ -42,6 +43,7 @@
     protocol: tcp
     jump: ACCEPT
     state: absent
+  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 
 - include_tasks: cert_deploy.yml
   with_items: '{{ letsencrypt_certificates|default([]) }}'