diff --git a/roles/base/files/common-scripts/proxy-conditional-reload.sh b/roles/base/files/common-scripts/proxy-conditional-reload.sh index ef600875f3..dada0124a3 100644 --- a/roles/base/files/common-scripts/proxy-conditional-reload.sh +++ b/roles/base/files/common-scripts/proxy-conditional-reload.sh @@ -1,7 +1,7 @@ #!/bin/bash # reload SERVICE only if PACKAGE is installed. # We use this throughout handlers/restart_services.yml - +HOST=$(hostname -s) SERVICE=$1 PACKAGE=$2 @@ -9,8 +9,8 @@ rpm -q $PACKAGE INSTALLED=$? -if [ ! -f /etc/httpd/ticketkey_*.tkey ]; then - # This host is not configured yet, do not try and restart httpd +if [ ! -f /etc/httpd/ticketkey_*.tkey -a ! $HOST =~ (^proxy) ]; then + # This host is not configured yet and not proxy host, do not try and restart httpd exit 0 fi diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index c44c0bfdf2..afae56da4e 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -8,7 +8,7 @@ mode=0644 tags: - letsencrypt - + - name: Generate (or renew) the certificate delegate_to: "certgetter01.iad2.fedoraproject.org" command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}} @@ -106,7 +106,8 @@ tags: - letsencrypt delegate_to: "{{ certbot_addhost }}" - when: certbot_addhost is defined + when: + - certbot_addhost is defined - name: Install the intermediate/chain certificate (additional host) copy: > @@ -120,7 +121,8 @@ tags: - letsencrypt delegate_to: "{{ certbot_addhost }}" - when: certbot_addhost is defined + when: + - certbot_addhost is defined - name: Install the key (additional host) copy: > @@ -134,7 +136,8 @@ tags: - letsencrypt delegate_to: "{{ certbot_addhost }}" - when: certbot_addhost is defined + when: + - certbot_addhost is defined - name: Install certificate bundle template: >
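Review bot: The new guard in the second hunk of proxy-conditional-reload.sh, `[ ! -f /etc/httpd/ticketkey_*.tkey -a ! $HOST =~ (^proxy) ]`, is not valid inside single brackets: `=~` is only an operator in `[[ ]]`, and the unquoted parentheses are a bash syntax error, so the script would abort at the `if` instead of reaching the reload. Because the header comment says this script is used throughout handlers/restart_services.yml, a failure here likely means httpd is not reloaded after configuration or certificate changes on any host. The `-f` test also errors out when the glob matches more than one ticket key file. I would write the guard as `if ! compgen -G '/etc/httpd/ticketkey_*.tkey' >/dev/null && [[ $HOST != proxy* ]]; then`, which keeps the intent stated in the comment (skip only when no key exists and the host is not a proxy). The remainder of the script, including the reload itself, lies outside the hunk.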