diff --git a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
index 1868c3f659..d8a1d94421 100644
--- a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
+++ b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
@@ -1,14 +1,46 @@
 ---
-- name: Copying over libvirt TLS keys {{ file }}
+- name: Copying over libvirt TLS keys (nova-libvirt)
 become: true
+ vars:
+ service: "{{ nova_cell_services['nova-libvirt'] }}"
+ service_name: nova-libvirt
+ paths:
+ - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+ - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
 copy:
- src: "{{ first_found }}"
- dest: "{{ node_config_directory }}/{{ service_name }}/{{ file }}"
+ src: "{{ lookup('first_found', paths) }}"
+ dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
 mode: "0600"
- with_first_found:
- - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ file }}"
- - "{{ node_custom_config }}/nova/nova-libvirt/{{ file }}"
- loop_control:
- loop_var: first_found
+ when:
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ with_items:
+ - cacert.pem
+ - servercert.pem
+ - serverkey.pem
+ - clientcert.pem
+ - clientkey.pem
+ notify:
+ - Restart {{ service_name }} container
+
+- name: Copying over libvirt TLS keys (nova-compute)
+ become: true
+ vars:
+ service: "{{ nova_cell_services['nova-compute'] }}"
+ service_name: nova-compute
+ paths:
+ - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+ - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
+ copy:
+ src: "{{ lookup('first_found', paths) }}"
+ dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
+ mode: "0600"
+ when:
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ with_items:
+ - cacert.pem
+ - clientcert.pem
+ - clientkey.pem
 notify:
 - Restart {{ service_name }} container
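Review bot: Both new `copy` tasks place private key material (`serverkey.pem`, `clientkey.pem`) without suppressing diff output, so a play run with `--diff` can print the key contents to the console or a CI log whenever a file changes. Adding `diff: false` to each task (or `no_log: true` if the item names should be hidden as well) keeps the keys out of that output while still reporting the changed status. The tasks set `mode: "0600"` but no `owner`/`group`, so ownership falls to the `become` user; presumably the container's config loader fixes this up afterwards, but a comment such as `# ownership is set inside the container` would record that assumption. The `paths` list is now duplicated verbatim in both tasks, so a later change to the lookup order has to be made twice.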
diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml
index 1c7cab9329..f5ca017239 100644
--- a/ansible/roles/nova-cell/tasks/config.yml
+++ b/ansible/roles/nova-cell/tasks/config.yml
@@ -91,39 +91,11 @@
 notify:
 - Restart nova-libvirt container
-- name: Copying over libvirt TLS keys (nova-libvirt)
+- name: Copying over libvirt TLS keys
 include_tasks: config-libvirt-tls.yml
- vars:
- service: "{{ nova_cell_services['nova-libvirt'] }}"
- service_name: nova-libvirt
- file: "{{ item }}"
 when:
- - inventory_hostname in groups[service.group]
- - service.enabled | bool
 - libvirt_tls | bool
 - libvirt_tls_manage_certs | bool
- with_items:
- - cacert.pem
- - servercert.pem
- - serverkey.pem
- - clientcert.pem
- - clientkey.pem
-
-- name: Copying over libvirt TLS keys (nova-compute)
- include_tasks: config-libvirt-tls.yml
- vars:
- service: "{{ nova_cell_services['nova-compute'] }}"
- service_name: nova-compute
- file: "{{ item }}"
- when:
- - inventory_hostname in groups[service.group]
- - service.enabled | bool
- - libvirt_tls | bool
- - libvirt_tls_manage_certs | bool
- with_items:
- - cacert.pem
- - clientcert.pem
- - clientkey.pem
 - name: Copying files for nova-ssh
 become: true