diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 0ed5cbd..91a6425 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -8,7 +8,13 @@
   when: nginx_ssl
 
 - name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
+  command:
+    cmd: >
+      openssl req -x509 -nodes -newkey rsa:2048
+      -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key
+      -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt
+      -days 730 -subj "/CN={{ ansible_fqdn }}"
+    creates: /etc/nginx/ssl/{{ ansible_fqdn }}.crt
   when: nginx_ssl
   notify: Restart nginx
 
diff --git a/roles/web-gw/tasks/main.yml b/roles/web-gw/tasks/main.yml
index 1eace25..fe734a8 100644
--- a/roles/web-gw/tasks/main.yml
+++ b/roles/web-gw/tasks/main.yml
@@ -1,7 +1,13 @@
 ---
 
 - name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
+  command:
+    cmd: >
+      openssl req -x509 -nodes -newkey rsa:2048
+      -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key
+      -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt
+      -days 730 -subj "/CN={{ ansible_fqdn }}"
+    creates: /etc/nginx/ssl/{{ ansible_fqdn }}.crt
   notify: Restart nginx
 
 - name: Create web content directory
diff --git a/roles/web-svc/tasks/websvc.yml b/roles/web-svc/tasks/websvc.yml
index a82d68a..0b5d488 100644
--- a/roles/web-svc/tasks/websvc.yml
+++ b/roles/web-svc/tasks/websvc.yml
@@ -1,7 +1,13 @@
 ---
 
 - name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ domain }}.key -out /etc/nginx/ssl/{{ domain }}.crt -days 730 -subj "/CN={{ domain }}" creates=/etc/nginx/ssl/{{ domain }}.crt
+  command:
+    cmd: >
+      openssl req -x509 -nodes -newkey rsa:2048
+      -keyout /etc/nginx/ssl/{{ domain }}.key
+      -out /etc/nginx/ssl/{{ domain }}.crt
+      -days 730 -subj "/CN={{ domain }}"
+    creates: /etc/nginx/ssl/{{ domain }}.crt
   notify: Restart nginx
 
 - name: Configure certificate manager