diff --git a/tasks/cert_deploy.yml b/tasks/cert_deploy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..491649719fc963a9fd0d662cf8a4a03b3bfcff41
--- /dev/null
+++ b/tasks/cert_deploy.yml
@@ -0,0 +1,23 @@
+---
+# file: roles/letsencrypt/tasks/cert_deploy.yml
+
+- block:
+
+  - name: "Deploy Cert"
+    shell: 'openssl {{ cert.export.type }} -export -out /tmp/{{ cert.domain }}.deploy -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:'
+    args:
+      chdir: '/etc/letsencrypt/live/{{ cert.domain }}'
+
+  - name: "Attribute deployed cert"
+    copy:
+      src: '/tmp/{{ cert.domain }}.deploy'
+      dest: '{{ cert.export.dest }}'
+      remote_src: yes
+      owner: '{{ cert.export.owner }}'
+      group: '{{ cert.export.group }}'
+
+  when: cert.export is defined
+  tags:
+    - 'ApacheConfig'
+    - 'Certs'
+    - 'renew'
diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
index 9130641bcaf6ff8cf1c72ae1e92cd4044d1f39f4..f0ef40e37ea41c728e2ace75625a923627f9b56b 100644
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -31,6 +31,8 @@
       jump: 'ACCEPT'
       state: 'absent'
 
+  - include_tasks: cert_deploy.yml
+
   - name: "Start services"
     service:
       name: '{{ item }}'
diff --git a/tasks/renew.yml b/tasks/renew.yml
index 14368607286c1f8e5fcdc1a2c1bc336b02d4048f..31d5e1853e47e90c82091aecb0665937591f6a7e 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -33,6 +33,11 @@
     jump: 'ACCEPT'
     state: 'absent'
 
+- include_tasks: cert_deploy.yml
+  with_items: '{{ letsencrypt_certificates|default([]) }}'
+  loop_control:
+    loop_var: cert
+
 - name: "Build HaProxy Certs"
   import_tasks: '../../haproxy/tasks/buildcerts.yml'
   tags: 'always'