diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index 2fd3ad4a21..6a24adcbfe 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -136,7 +136,7 @@
   set_fact:
     certs_to_sign: "{{certs_to_sign}} + [ '{{item.item.path}}' ]"
   with_items: "{{ssh_cert_files.results}}"
-  when: "item.stat.exists and item.stat.mtime|int < (lookup('pipe', 'date +%s')|int - 25920000)"
+  when: "item.stat.exists and item.item.path.startswith('/etc/ssh') and item.stat.mtime|int < (lookup('pipe', 'date +%s')|int - 25920000)"
   tags:
   - basessh
   - sshd_cert