diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index c721b40a2a..b963b068fc 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -159,3 +159,6 @@
 
 - name: restart squid
   service: name=squid state=restarted
+
+- name: "update ca-trust"
+  command: /usr/bin/update-ca-trust
diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
index b8824c792a..c2800ba72e 100644
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@@ -146,7 +146,8 @@
     copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09.key mode=600 owner=rabbitmq group=root
   - name: add cert to ca-bundle.crt so plain curl works
     copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/ca-trust/source/anchors/ mode=600 owner=root group=root
-  - command: /usr/bin/update-ca-trust
+    notify:
+      - update ca-trust
 
   - name: add ssl cert for keystone
     copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09-keystone.pem mode=644 owner=keystone group=root