diff --git a/roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml b/roles/srv-web-7-7-letsencrypt/tasks/01_set-caa-records.yml
similarity index 100%
rename from roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml
rename to roles/srv-web-7-7-letsencrypt/tasks/01_set-caa-records.yml
diff --git a/roles/srv-web-7-7-letsencrypt/tasks/main.yml b/roles/srv-web-7-7-letsencrypt/tasks/main.yml
index 207366de..0eaa309f 100644
--- a/roles/srv-web-7-7-letsencrypt/tasks/main.yml
+++ b/roles/srv-web-7-7-letsencrypt/tasks/main.yml
@@ -1,21 +1,13 @@
-- name: create nginx letsencrypt config file
-  template: 
-    src:  "letsencrypt.conf.j2"
-    dest: "{{nginx.directories.http.global}}letsencrypt.conf"
-  notify: restart openresty
-  when: run_once_srv_web_7_7_letsencrypt is not defined
+- block:
+    - name: create nginx letsencrypt config file
+      template: 
+        src:  "letsencrypt.conf.j2"
+        dest: "{{nginx.directories.http.global}}letsencrypt.conf"
+      notify: restart openresty
 
-- name: "Set CAA records for all base domains"
-  include_tasks: set-caa-records.yml
-  when:
-    - dns_provider == 'cloudflare'
-    - run_once_srv_web_7_7_letsencrypt is not defined
+    - name: "Set CAA records for all base domains"
+      include_tasks: 01_set-caa-records.yml
+      when: dns_provider == 'cloudflare'
 
-- name: flush nginx service
-  meta: flush_handlers
-  when: run_once_srv_web_7_7_letsencrypt is not defined
-
-- name: run the letsencrypt logic just once
-  set_fact:
-    run_once_srv_web_7_7_letsencrypt: true
+    - include_tasks: utils/run_once.yml
   when: run_once_srv_web_7_7_letsencrypt is not defined