diff --git a/nextcloud.yml b/nextcloud.yml
index 24c2783..0f6739a 100644
--- a/nextcloud.yml
+++ b/nextcloud.yml
@@ -2,10 +2,5 @@
 vars_files:
 - vault/nextcloud
 roles:
- - role: cert
- cert_src: lego/_.pyrocufflink.net.crt
- cert_dest: '{{ apache_ssl_certificate }}'
- cert_key_src: lego/_.pyrocufflink.net.key
- cert_key_dest: '{{ apache_ssl_certificate_key }}'
 - apache
 - nextcloud
diff --git a/roles/cert/tasks/main.yml b/roles/cert/tasks/main.yml
index 36d0ae8..491e1ce 100644
--- a/roles/cert/tasks/main.yml
+++ b/roles/cert/tasks/main.yml
@@ -3,10 +3,12 @@
 src: certs/{{ cert_src }}
 dest: '{{ cert_dest }}'
 mode: '{{ cert_mode|d("0644") }}'
+ notify: certificate changed
 - name: ensure server private key is installed
 copy:
 src: certs/{{ cert_key_src }}
 dest: '{{ cert_key_dest }}'
 mode: '{{ cert_key_mode|d("0600") }}'
 diff: false
+ notify: certificate changed
 when: cert_key_src is defined
diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml
index fe3d91d..89f5421 100644
--- a/roles/nextcloud/handlers/main.yml
+++ b/roles/nextcloud/handlers/main.yml
@@ -2,6 +2,7 @@
 service:
 name: httpd
 state: reloaded
+ listen: certificate changed
 - name: upgrade nextcloud
 become: true
 become_user: apache
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..40484c6
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: lego/_.pyrocufflink.net.crt
+ cert_dest: '{{ apache_ssl_certificate }}'
+ cert_key_src: lego/_.pyrocufflink.net.key
+ cert_key_dest: '{{ apache_ssl_certificate_key }}'
+ tags:
+ - nextcloud
\ No newline at end of file
diff --git a/roles/websites/chmod777.sh/meta/main.yml b/roles/websites/chmod777.sh/meta/main.yml
new file mode 100644
index 0000000..23a3cf9
--- /dev/null
+++ b/roles/websites/chmod777.sh/meta/main.yml
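Review bot: In roles/cert/tasks/main.yml both copy tasks now carry `notify: certificate changed`, but the cert role defines no handler for that topic, so every play that uses cert must also load a handler with `listen: certificate changed`. This commit adds listeners only in roles/nextcloud and roles/websites/pyrocufflink.net; the new chmod777.sh and darkchestofwonders.us meta files depend on cert without a listener of their own and appear to rely on the pyrocufflink.net role being loaded in the same play. Ansible by default treats a notify with no matching handler as an error, and wherever the notification is lost httpd keeps serving the old certificate until something else reloads it. I would state the contract at the top of the role, `# consumers must define a handler with "listen: certificate changed"`, and give each website role its own listener. The first task's `name` and `copy` lines are outside the hunk.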
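Review bot: In roles/nextcloud/meta/main.yml, declaring cert as a dependency moves certificate installation from before the apache role to after it, because nextcloud.yml lists `apache` ahead of `nextcloud` and a dependency runs immediately before the role that declares it. If the apache role writes an SSL vhost pointing at `apache_ssl_certificate` and starts httpd (not visible here), a freshly provisioned host would start the service before the certificate and key exist. Worth confirming on a clean host, and recording the assumption in this file, for example `# runs after the play's apache role; apache must not need the certificate on first start`. The file also has no `---` document start and no trailing newline, as do the three other new meta files.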
@@ -0,0 +1,9 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: websites/chmod777.sh.cer
+ cert_dest: /etc/pki/tls/certs/chmod777.sh.cer
+ cert_key_src: websites/chmod777.sh.key
+ cert_key_dest: /etc/pki/tls/private/chmod777.sh.key
+ tags:
+ - websites/chmod777.sh
\ No newline at end of file
diff --git a/roles/websites/darkchestofwonders.us/meta/main.yml b/roles/websites/darkchestofwonders.us/meta/main.yml
new file mode 100644
index 0000000..ffa06dc
--- /dev/null
+++ b/roles/websites/darkchestofwonders.us/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: websites/darkchestofwonders.us.cer
+ cert_dest: /etc/pki/tls/certs/darkchestofwonders.us.cer
+ cert_key_src: websites/darkchestofwonders.us.key
+ cert_key_dest: /etc/pki/tls/private/darkchestofwonders.us.key
+ tags:
+ - websites/darkchestofwonders.us
\ No newline at end of file
diff --git a/roles/websites/pyrocufflink.net/handlers/main.yml b/roles/websites/pyrocufflink.net/handlers/main.yml
index 09fd3c8..acae895 100644
--- a/roles/websites/pyrocufflink.net/handlers/main.yml
+++ b/roles/websites/pyrocufflink.net/handlers/main.yml
@@ -1,4 +1,5 @@
 - name: reload httpd
 service:
- name=httpd
- state=reloaded
+ name: httpd
+ state: reloaded
+ listen: certificate changed
diff --git a/roles/websites/pyrocufflink.net/meta/main.yml b/roles/websites/pyrocufflink.net/meta/main.yml
new file mode 100644
index 0000000..94c0a30
--- /dev/null
+++ b/roles/websites/pyrocufflink.net/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: websites/pyrocufflink.net.cer
+ cert_dest: /etc/pki/tls/certs/pyrocufflink.net.cer
+ cert_key_src: websites/pyrocufflink.net.key
+ cert_key_dest: /etc/pki/tls/private/pyrocufflink.net.key
+ tags:
+ - websites/pyrocufflink.net
\ No newline at end of file
diff --git a/websites.yml b/websites.yml
index be89b63..542853a 100644
--- a/websites.yml
+++ b/websites.yml
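Review bot: The `tags:` list in roles/websites/pyrocufflink.net/meta/main.yml carries only `websites/pyrocufflink.net`, while the play entry it replaces in websites.yml also tagged the cert role with `websites/proxy` and the five `websites/proxy-*` tags. A run limited to one of those tags will no longer install or refresh this certificate, so if the proxy vhosts still serve it, a tagged run after a renewal leaves the old certificate in place. Unless dropping them was intended, carry the tags over as below.

```yaml
# … unchanged: role: cert and its cert_* vars …
  tags:
  - websites/pyrocufflink.net
  - websites/proxy
  - websites/proxy-bitwarden
  - websites/proxy-gitea
  - websites/proxy-jenkins
  - websites/proxy-nextcloud
  - websites/proxy-openvpn
```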
@@ -3,20 +3,6 @@
 apache_default_ssl_vhost: false
 roles:
 - apache
- - role: cert
- vars:
- cert_src: websites/pyrocufflink.net.cer
- cert_dest: /etc/pki/tls/certs/pyrocufflink.net.cer
- cert_key_src: websites/pyrocufflink.net.key
- cert_key_dest: /etc/pki/tls/private/pyrocufflink.net.key
- tags:
- - websites/pyrocufflink.net
- - websites/proxy
- - websites/proxy-bitwarden
- - websites/proxy-gitea
- - websites/proxy-jenkins
- - websites/proxy-nextcloud
- - websites/proxy-openvpn
 - role: websites/pyrocufflink.net
 tags: websites/pyrocufflink.net
 - role: websites/dustin.hatch.name
@@ -25,19 +11,8 @@
 tags: websites/ebonfire.com
 - role: websites/nratonpass.com
 tags: websites/nratonpass.com
- - role: cert
- cert_src: websites/darkchestofwonders.us.cer
- cert_dest: /etc/pki/tls/certs/darkchestofwonders.us.cer
- cert_key_src: websites/darkchestofwonders.us.key
- cert_key_dest: /etc/pki/tls/private/darkchestofwonders.us.key
 - role: websites/darkchestofwonders.us
 tags: websites/darkchestofwonders.us
- - role: cert
- cert_src: websites/chmod777.sh.cer
- cert_dest: /etc/pki/tls/certs/chmod777.sh.cer
- cert_key_src: websites/chmod777.sh.key
- cert_key_dest: /etc/pki/tls/private/chmod777.sh.key
- tags: websites/chmod777.sh
 - role: websites/chmod777.sh
 tags: websites/chmod777.sh
 - role: websites/proxy-bitwarden