diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index 85c94fc05d..94aca75529 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -190,28 +190,6 @@
   tags:
   - config
 
-- name: install totpcgi key and cert
-  copy: src="{{ puppet_private }}/{{ item.file }}" dest="{{ item.dest }}"
-        owner=fas group=fas mode=0400
-  with_items:
-  - {file: 2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt }
-  - {file: 2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/totpcgi-server.key }
-  - {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt }
-  when: master_fas_node == True and '.stg.' in inventory_hostname
-  tags:
-  - config
-
-- name: install totpcgi key and cert
-  copy: src="{{ puppet_private }}/{{ item.file }}" dest="{{ item.dest }}"
-        owner=fas group=fas mode=0400
-  with_items:
-  - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt }
-  - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/private/totpcgi-server.key }
-  - {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt }
-  when: master_fas_node == True and not '.stg.' in inventory_hostname 
-  tags:
-  - config
-
 - name: install /var/lib/fedora-ca/Makefile file
   copy: >
     src="Makefile.fedora-ca"
diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml
index fb865da339..e90d6eb213 100644
--- a/roles/totpcgi/tasks/main.yml
+++ b/roles/totpcgi/tasks/main.yml
@@ -34,6 +34,28 @@
   - pki/totpcgi
   - totpcgi/totp
 
+- name: install totpcgi key and cert
+  copy: src="{{ puppet_private }}/{{ item.file }}" dest="{{ item.dest }}"
+        owner=fas group=fas mode=0400
+  with_items:
+  - {file: 2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt }
+  - {file: 2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/totpcgi-server.key }
+  - {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt }
+  when: master_fas_node == True and '.stg.' in inventory_hostname
+  tags:
+  - config
+
+- name: install totpcgi key and cert
+  copy: src="{{ puppet_private }}/{{ item.file }}" dest="{{ item.dest }}"
+        owner=fas group=fas mode=0400
+  with_items:
+  - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt }
+  - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/private/totpcgi-server.key }
+  - {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt }
+  when: master_fas_node == True and not '.stg.' in inventory_hostname
+  tags:
+  - config
+
 - name: create template directory for totpcgiprov
   file: path=/etc/{{ item }} state=directory owner=root group=totpcgiprov mode=750
   with_items: