diff --git a/ansible/roles/openldap_server/tasks/tls.yaml b/ansible/roles/openldap_server/tasks/tls.yaml
index 1d115fa..83d9761 100644
--- a/ansible/roles/openldap_server/tasks/tls.yaml
+++ b/ansible/roles/openldap_server/tasks/tls.yaml
@@ -1,3 +1,21 @@
+- name: Copy TLS cert into place
+ copy:
+ src: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+ dest: /etc/openldap/certs/ldap.crt
+ owner: ldap
+ group: ldap
+ mode: 0600
+ remote_src: true
+
+- name: Copy cert private key into place
+ copy:
+ src: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.key"
+ dest: /etc/openldap/certs/ldap.key
+ owner: ldap
+ group: ldap
+ mode: 0600
+ remote_src: true
+
 - name: Configure TLS cert
 community.general.ldap_attrs:
 dn: cn=config
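Review bot: In both added `copy` tasks the `src` path is built from `{{ inventory_hostname | default(cert_domain) }}`, but `inventory_hostname` is always defined for a host, so the `default(cert_domain)` fallback can never take effect. If the lego certificate is stored under `cert_domain` when that differs from the inventory name, the order presumably needs to be `{{ cert_domain | default(inventory_hostname) }}`; otherwise the filter can be dropped. Neither task carries a `notify:`, so unless something outside this hunk restarts slapd, a renewed certificate and key would be copied while the running daemon keeps serving the old pair. I would also write the permissions as `mode: "0600"` so the module receives the string form rather than relying on the YAML parser's octal handling. The `Configure TLS cert` task that follows continues outside the hunk.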