diff --git a/roles/tls_everywhere/tasks/common.yaml b/roles/tls_everywhere/tasks/common.yaml
index 1b2ed4d98..ac1dc0e38 100644
--- a/roles/tls_everywhere/tasks/common.yaml
+++ b/roles/tls_everywhere/tasks/common.yaml
@@ -133,7 +133,7 @@
 
 - name: Set fact for IdM/FreeIPA host entry
   set_fact:
-    host_entry: "{{ ansible_fqdn }}@{{ ipa_realm.value }}"
+    host_entry: "{{ ansible_facts['fqdn'] }}@{{ ipa_realm.value }}"
   when: ipa_conf_stat.stat.exists
 
 - name: Set fact for IdM/FreeIPA host principal
diff --git a/roles/tls_everywhere/tasks/ipa-server-check.yaml b/roles/tls_everywhere/tasks/ipa-server-check.yaml
index b1cd0c701..1ab2fca35 100644
--- a/roles/tls_everywhere/tasks/ipa-server-check.yaml
+++ b/roles/tls_everywhere/tasks/ipa-server-check.yaml
@@ -23,7 +23,7 @@
 #   This playbook contains the following parameters
 #   - tls_everywhere_check_dns_aci - which determines if we want to check
 #     for the DNS ACI.  This defaults to true.
-#   - tls_everywhere_undercloud_fqdn - which defaults to ansible_fqdn
+#   - tls_everywhere_undercloud_fqdn - which defaults to ansible_facts['fqdn']
 
 - name: check if undercloud is an ipa client
   stat:
@@ -34,7 +34,7 @@
   when: ipa_default_conf.stat.exists
   vars:
     check_dns_aci: "{{ tls_everywhere_check_dns_aci | default(True)}}"
-    undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}"
+    undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_facts['fqdn']) }}"
     ipa_server_aci_check_failures: []
     fail_1: >-
       The IPA server does not have the required ACI to allow host