diff --git a/roles/rproxy/tasks/repo.yml b/roles/rproxy/tasks/repo.yml
index 1cd47e2..ebff6fe 100644
--- a/roles/rproxy/tasks/repo.yml
+++ b/roles/rproxy/tasks/repo.yml
@@ -27,15 +27,6 @@
       become_user: "{{ ansible_user }}"
       ignore_errors: true
 
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/repo.crt
-        -k {{ rproxy_dir }}/certs/repo.key
-        -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -F {{ rproxy_dir }}/certs/RootCA.crt
-
     - name: Get all tracking certificates
       ansible.builtin.shell:
         cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
@@ -47,6 +38,15 @@
       loop: "{{ tracking_list.stdout_lines }}"
       ignore_errors: true
 
+    - name: Request certificate via ipa-getcert
+      ansible.builtin.command: >
+        ipa-getcert request
+        -f {{ rproxy_dir }}/certs/repo.crt
+        -k {{ rproxy_dir }}/certs/repo.key
+        -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+        -F {{ rproxy_dir }}/certs/RootCA.crt
+
     - name: Wait for certificate to appear
       ansible.builtin.wait_for:
         path: "{{ rproxy_dir }}/certs/repo.crt"