diff --git a/tasks/main.yml b/tasks/main.yml
index 675ed8ac..c09d3e1d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -82,8 +82,9 @@
apply:
tags:
- octavia-config
- run_once: true
- when: octavia_generate_certs | bool
+ when:
+ - octavia_generate_certs | bool
+ - _octavia_is_first_play_host
tags:
- always
diff --git a/tasks/octavia_certs.yml b/tasks/octavia_certs.yml
index 8e7bd34a..9a75aa2c 100644
--- a/tasks/octavia_certs.yml
+++ b/tasks/octavia_certs.yml
@@ -20,6 +20,7 @@
# system python instead.
- name: Prepare octavia_cert_setup_host for certificate generation
delegate_to: "{{ octavia_cert_setup_host }}"
+ delegate_facts: true
vars:
ansible_python_interpreter: >-
{{ (octavia_cert_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']) }}
@@ -94,6 +95,12 @@
register: _octavia_server_ca
changed_when: false
+ - name: Register a fact for the CA cert and key
+ set_fact:
+ octavia_ca_private_key_fact: "{{ _octavia_ca_private_key['content'] | b64decode }}"
+ octavia_ca_certificate_fact: "{{ _octavia_ca_certificate['content'] | b64decode }}"
+ octavia_server_ca_fact: "{{ _octavia_server_ca['content'] | b64decode }}"
+
# These are run at the very first installation of Octavia
# While Octavia acts as a CA for the server certificates,
# for the amphora it only needs a client certificate and
@@ -105,6 +112,7 @@
- name: Generate keys/certificates on octavia_cert_setup_host
delegate_to: "{{ octavia_cert_setup_host }}"
+ delegate_facts: true
vars:
ansible_python_interpreter: >-
{{ (octavia_cert_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']) }}
@@ -171,3 +179,8 @@
src: "{{ octavia_client_cert }}"
register: _octavia_client_cert
changed_when: false
+
+ - name: Register a fact for the cert and key
+ set_fact:
+ octavia_client_ca_fact: "{{ _octavia_client_ca['content'] | b64decode }}"
+ octavia_client_cert_fact: "{{ _octavia_client_cert['content'] | b64decode }}"
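Review bot: `_octavia_is_first_play_host` in the new `when` list is not defined anywhere in this diff, so the include now depends on a variable set elsewhere; if it is undefined the include errors, and if it is false for every host in the run (for example a `--limit` that excludes the first play host) certificate generation is skipped silently while the distribute tasks still dereference `hostvars[octavia_cert_setup_host]`. A comment above the condition naming the source would help, e.g. `# _octavia_is_first_play_host is set in <FILE WHERE IT IS DEFINED>; generation runs on that host instead of via run_once`. The task this hunk belongs to starts before the hunk.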
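Review bot: The new `set_fact` task in the `@@ -94,6 +95,12 @@` hunk, and the matching one in the `@@ -171,3 +179,8 @@` hunk, store the base64-decoded CA private key and client key (`octavia_ca_private_key_fact`, `octavia_client_cert_fact`) without `no_log: true`, so a run with `-v` or a result-logging callback prints the plaintext key material in the task result. Adding `no_log: true` to both tasks keeps the decoded keys out of console and callback output while leaving the facts available to the distribute tasks. Both tasks appear to sit inside the delegated `block` whose header and `delegate_to` are outside these hunks.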
diff --git a/tasks/octavia_certs_distribute.yml b/tasks/octavia_certs_distribute.yml
index 6b97c18c..35027afe 100644
--- a/tasks/octavia_certs_distribute.yml
+++ b/tasks/octavia_certs_distribute.yml
@@ -5,24 +5,6 @@
path: /etc/octavia/certs/
state: directory
-- name: Register a fact for the cert and key
- set_fact:
- octavia_ca_private_key_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_ca_private_key']['content'] | b64decode }}"
- octavia_ca_certificate_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_ca_certificate']['content'] | b64decode }}"
- octavia_server_ca_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_server_ca']['content'] | b64decode }}"
- octavia_client_ca_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_client_ca']['content'] | b64decode }}"
- octavia_client_cert_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_client_cert']['content'] | b64decode }}"
- when: octavia_cert_setup_host != 'localhost'
-
-- name: Register a fact for the cert and key
- set_fact:
- octavia_ca_private_key_fact: "{{ _octavia_ca_private_key['content'] | b64decode }}"
- octavia_ca_certificate_fact: "{{ _octavia_ca_certificate['content'] | b64decode }}"
- octavia_server_ca_fact: "{{ _octavia_server_ca['content'] | b64decode }}"
- octavia_client_ca_fact: "{{ _octavia_client_ca['content'] | b64decode }}"
- octavia_client_cert_fact: "{{ _octavia_client_cert['content'] | b64decode }}"
- when: octavia_cert_setup_host == 'localhost'
-
- name: Copy certificates
copy:
content: "{{ item.content }}"
@@ -31,15 +13,15 @@
group: "{{ octavia_system_group_name }}"
mode: "0640"
with_items:
- - content: "{{ octavia_ca_private_key_fact }}"
+ - content: "{{ hostvars[octavia_cert_setup_host]['octavia_ca_private_key_fact'] }}"
dest: "/etc/octavia/certs/ca_key.pem"
- - content: "{{ octavia_ca_certificate_fact }}"
+ - content: "{{ hostvars[octavia_cert_setup_host]['octavia_ca_certificate_fact'] }}"
dest: "/etc/octavia/certs/ca.pem"
- - content: "{{ octavia_server_ca_fact }}"
+ - content: "{{ hostvars[octavia_cert_setup_host]['octavia_server_ca_fact'] }}"
dest: "/etc/octavia/certs/server_ca.pem"
- - content: "{{ octavia_client_ca_fact }}"
+ - content: "{{ hostvars[octavia_cert_setup_host]['octavia_client_ca_fact'] }}"
dest: "/etc/octavia/certs/client_ca.pem"
- - content: "{{ octavia_client_cert_fact }}"
+ - content: "{{ hostvars[octavia_cert_setup_host]['octavia_client_cert_fact'] }}"
dest: "/etc/octavia/certs/client.pem"
notify:
- Restart octavia services
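Review bot: The `Copy certificates` items now dereference `hostvars[octavia_cert_setup_host]['octavia_ca_private_key_fact']` and the four sibling facts with no check that the generation tasks actually ran on that host; if `octavia_generate_certs` is false or the setup host was outside the play, the loop fails with an undefined-variable error from inside the item list rather than a clear message. A preceding `assert` that `octavia_ca_private_key_fact` is defined in `hostvars[octavia_cert_setup_host]`, with a `fail_msg` naming the setup host, would turn that into an explicit failure. The loop also now copies another host's CA private key by value, and no `no_log: true` appears in the visible part of the task, so `--diff` or `-v` would print the `ca_key.pem` content; the task header is outside this hunk.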