diff --git a/tasks/haproxy_ssl.yml b/tasks/haproxy_ssl.yml
index 7eae2d0..13bec3c 100644
--- a/tasks/haproxy_ssl.yml
+++ b/tasks/haproxy_ssl.yml
@@ -20,16 +20,11 @@
 tags:
 - haproxy-ssl

+ #NOTE (jrosser) the self signed certificate is also needed for bootstrapping
+ #letsencrypt, as haproxy will not start with ssl config but a missing certificate
 - include_tasks: haproxy_ssl_self_signed.yml
 when:
 - haproxy_ssl | bool
- - not haproxy_ssl_letsencrypt_enable | bool
- - haproxy_user_ssl_cert is not defined or haproxy_user_ssl_key is not defined
-
-- include_tasks: haproxy_ssl_letsencrypt.yml
- when:
- - haproxy_ssl | bool
- - haproxy_ssl_letsencrypt_enable | bool
 - haproxy_user_ssl_cert is not defined or haproxy_user_ssl_key is not defined

 - include_tasks: haproxy_ssl_user_provided.yml
diff --git a/tasks/haproxy_ssl_letsencrypt.yml b/tasks/haproxy_ssl_letsencrypt.yml
index f08b1c0..c9bd583 100644
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@@ -61,12 +61,6 @@
 state: present
 when: haproxy_ssl_letsencrypt_install_method == 'distro'

-- name: Stop haproxy for certbot activity
- service:
- name: "haproxy"
- state: "stopped"
- when: lcdatadir.stat.exists == False
-
 - name: Create first time ssl cert with certbot
 command: >
 {{ haproxy_ssl_letsencrypt_certbot_binary }} certonly
diff --git a/tasks/main.yml b/tasks/main.yml
index 9eb08b1..8f936b4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -39,3 +39,12 @@
 - include_tasks: haproxy_post_install.yml
 tags:
 - haproxy_server-config
+
+ # NOTE(jrosser) we must reload the haproxy config before doing the first time certbot setup to ensure the letsencypt backend is configured
+- meta: flush_handlers
+
+- include_tasks: haproxy_ssl_letsencrypt.yml
+ when:
+ - haproxy_ssl | bool
+ - haproxy_ssl_letsencrypt_enable | bool
+ - haproxy_user_ssl_cert is not defined or haproxy_user_ssl_key is not defined
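Review bot: With the `not haproxy_ssl_letsencrypt_enable | bool` condition removed from the `haproxy_ssl_self_signed.yml` include in tasks/haproxy_ssl.yml, a Let's Encrypt deployment now always starts on a self-signed certificate, and nothing visible in this hunk says when or whether that certificate is replaced. If the first certbot run later fails, haproxy presumably keeps serving the self-signed certificate, which clients will either reject or be told to stop verifying. The comment should say that the certificate is a temporary bootstrap, for example `# NOTE(jrosser) the self signed certificate is only a bootstrap for letsencrypt; it must be replaced by the issued certificate once certbot succeeds`. The added comment lines are also written `#NOTE (jrosser)` while tasks/main.yml in this same commit uses `# NOTE(jrosser)`; one form should be used.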
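Review bot: The added `- meta: flush_handlers` in tasks/main.yml carries no condition, so it runs every pending handler at this point on every host, including deployments where `haproxy_ssl_letsencrypt_enable` is false, and the comment above it does not mention that side effect. The first certbot run that follows now depends on that flush having brought haproxy up with the letsencrypt backend, so a handler failure here presumably surfaces as a certificate issuance failure. The comment should state both facts and fix the `letsencypt` typo, for example `# NOTE(jrosser) flush all pending handlers so haproxy is reloaded with the letsencrypt backend before the first certbot run; this happens whether or not letsencrypt is enabled`. The three-item `when:` list is the same one used in tasks/haproxy_ssl.yml and will have to be kept in step by hand.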