diff --git a/tasks/main.yml b/tasks/main.yml
index 41b46dd5c26bb6c7da09095c7c77c223008f5b37..6210d158b3514be9bcf968597e128befd926c2ed 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,5 +27,29 @@
   - name: "Build HaCerts"
     include: 'buildcerts.yml'
 
+  - name: "Set directory permissions to current user"
+    file:
+      path: '/etc/letsencrypt'
+      owner: '{{ ansible_env.SUDO_USER }}'
+      recurse: yes
+    tags: Certs
+    when: proxy_active
+
+  tags: Certs
+  when: 'proxy_active and "letsencrypt" not in excluded_roles'
+
+- block:
+
+  - name: "Pull Certs from active Proxy"
+    include: 'pullcerts.yml'
+
+  tags: Certs
+  when: 'not proxy_active and "letsencrypt" not in excluded_roles'
+
+- name: "Set directory permissions to root"
+  file:
+    path: '/etc/letsencrypt'
+    owner: 'root'
+    recurse: yes
   tags: Certs
-  when: '"letsencrypt" not in excluded_roles'
+  when: 'false and proxy_active and "letsencrypt" not in excluded_roles'
diff --git a/tasks/pullcerts.yml b/tasks/pullcerts.yml
new file mode 100644
index 0000000000000000000000000000000000000000..baee9a466e0853917375252942621caf95e963b9
--- /dev/null
+++ b/tasks/pullcerts.yml
@@ -0,0 +1,33 @@
+---
+# file: roles/haproxy/tasks/pullcerts.yml
+
+- name: "Find out active proxy"
+  set_fact: proxy_active_host={{ item }}
+  with_items: '{{ groups.proxyserver }}'
+  when: hostvars[item].proxy_active
+
+- name: "Set directory permissions to current user"
+  file:
+    path: '{{ item }}'
+    owner: '{{ ansible_env.SUDO_USER }}'
+    recurse: yes
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'
+
+- name: "Sync files"
+  shell: rsync -r '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
+  delegate_to: "{{ inventory_hostname }}"
+  become: no
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'
+
+- name: "Set directory permissions to root"
+  file:
+    path: '{{ item }}'
+    owner: 'root'
+    recurse: yes
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'