diff --git a/tasks/haproxy_ssl_letsencrypt.yml b/tasks/haproxy_ssl_letsencrypt.yml
index 205042b..67ca48c 100644
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@@ -75,14 +75,14 @@
 --text
 --rsa-key-size 4096
 --email {{ haproxy_ssl_letsencrypt_email }}
- --domains {{ external_lb_vip_address }}
+ --domains {{ haproxy_bind_external_lb_vip_address }}
 {% if haproxy_ssl_letsencrypt_certbot_challenge == 'http-01' %}
 --http-01-port {{ haproxy_ssl_letsencrypt_certbot_backend_port }}
 --http-01-address {{ haproxy_ssl_letsencrypt_certbot_bind_address }}
 {% endif %}
 {{ haproxy_ssl_letsencrypt_setup_extra_params }}
 args:
- creates: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}/fullchain.pem"
+ creates: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ haproxy_bind_external_lb_vip_address }}/fullchain.pem"
 - name: Create certbot pre hook
 template:
@@ -102,8 +102,10 @@
 - name: Create new pem file for haproxy
 assemble:
- src: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}"
- dest: "/etc/ssl/private/haproxy.pem"
+ src: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ haproxy_bind_external_lb_vip_address }}"
+ dest: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.pem' }}"
 regexp: '(privkey|fullchain).pem$'
+ with_items:
+ - "{{ [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses }}"
 notify:
 - Reload haproxy
diff --git a/templates/letsencrypt_renew_certbot_auto.j2 b/templates/letsencrypt_renew_certbot_auto.j2
index 44ad603..61293f0 100644
--- a/templates/letsencrypt_renew_certbot_auto.j2
+++ b/templates/letsencrypt_renew_certbot_auto.j2
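Review bot: certbot is still invoked with `--domains {{ haproxy_bind_external_lb_vip_address }}` only, while the assemble task later in this file and both renew templates now write a pem file for every entry of `extra_lb_tls_vip_addresses`. Those extra files therefore carry a certificate issued for the primary VIP alone, and a client connecting to one of the extra addresses will see a name mismatch unless that name is already covered by the primary certificate. If the extra addresses are meant to share the certificate, request them here, e.g. `--domains {{ ([haproxy_bind_external_lb_vip_address] + extra_lb_tls_vip_addresses) | join(',') }}`; certbot names the lineage after the first domain by default, so the `creates:` path on the last changed line of this hunk stays valid. If the reuse is deliberate, a comment above the task saying that the extra VIPs intentionally serve the primary certificate would stop the next reader from treating it as a bug. The command task this hunk belongs to starts before the hunk.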
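Review bot: `src` in the assemble task still points at `{{ haproxy_bind_external_lb_vip_address }}` while `dest` is built from `item`, so every per-VIP pem is assembled from the primary VIP's directory; if one certificate per VIP is intended, `src` should read `"{{ haproxy_ssl_letsencrypt_config_path }}/{{ item }}"`, and if identical copies are intended a short comment above the task should say so. The assembled file contains `privkey.pem` (the `regexp` selects it) and its destination has moved out of `/etc/ssl/private` into `haproxy_ssl_cert_path`, yet the task sets neither `mode` nor `owner`, so the key file's permissions now depend on whatever umask the module runs under; add `mode: "0600"` next to `dest` (and the owner haproxy runs as, if the role knows it). The loop expression also dereferences `extra_lb_tls_vip_addresses` without a default, so hosts that never set it fail with an undefined-variable error unless the role's defaults define it — `extra_lb_tls_vip_addresses | default([])` inside the expression, or a defaults entry, covers that.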
@@ -5,7 +5,9 @@
 --standalone \
 --pre-hook "systemctl stop haproxy" \
-cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
- > /etc/ssl/private/haproxy.pem
+{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
+cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
+ > {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
+{% endfor %}
 systemctl reload haproxy
diff --git a/templates/letsencrypt_renew_certbot_distro.j2 b/templates/letsencrypt_renew_certbot_distro.j2
index 3f896f1..df5b2b9 100644
--- a/templates/letsencrypt_renew_certbot_distro.j2
+++ b/templates/letsencrypt_renew_certbot_distro.j2
@@ -1,7 +1,9 @@
 #!/bin/bash
 # renew cert if required and copy to haproxy destination
-cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
- > /etc/ssl/private/haproxy.pem
+{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
+cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
+ > {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
+{% endfor %}
 systemctl reload haproxy
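Review bot: the loop variable `vip` is used only in the output path; the `cat` source line keeps `{{ haproxy_bind_external_lb_vip_address }}`, so every per-VIP pem receives the primary VIP's certificate and key, and the same pattern appears in the `letsencrypt_renew_certbot_distro.j2` hunk below. If one lineage per VIP is intended the source line should be `cat /etc/letsencrypt/live/{{ vip }}/{fullchain,privkey}.pem \`; if reusing the primary certificate is intended, a comment above the `{% for %}` should say so, because as written the unused variable reads like a mistake. The redirect also creates the combined cert+key file with the shell's umask now that the destination is no longer under `/etc/ssl/private`, so consider `umask 077` before the loop (or a `chmod 600` on the written file after the redirect) so the private key is not left world-readable on renewal.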