diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index d6e233e2f..37568d694 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -21,7 +21,7 @@
   notify: set secret_changed
 
 - set_fact:
-    master_certs: ['ca.pem', 'ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
+    master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
     node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
 
 - name: certs | Get the certs from first master
@@ -39,8 +39,7 @@
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
   with_items: '{{slurp_certs.results}}'
-  when: item.item in master_certs and
-        inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
+  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
 - name: certs | Copy certs on nodes