diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index d92dbc9aa572ad92367c3465099c19a8b0ce95e1..247f6e748b3a861ca1e75201dba5fd4144d1f67d 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -99,9 +99,10 @@ try:
 
     try:
         from ipalib.x509 import load_pem_x509_certificate
+        certificate_loader = load_pem_x509_certificate
     except ImportError:
         from ipalib.x509 import load_certificate
-        load_pem_x509_certificate = None
+        certificate_loader = load_certificate
 
     # Try to import is_ipa_configured or use a fallback implementation.
     try:
@@ -147,7 +148,6 @@ except ImportError as _err:
     uuid = None
     netaddr = None
     is_ipa_configured = None
-    load_certificate = None
     kerberos = None
     ipaserver = None  # pylint: disable=C0103
 else:
@@ -588,10 +588,7 @@ def load_cert_from_str(cert):
     if not cert.endswith("-----END CERTIFICATE-----"):
         cert += "\n-----END CERTIFICATE-----"
 
-    if load_pem_x509_certificate is not None:
-        cert = load_pem_x509_certificate(cert.encode('utf-8'))
-    else:
-        cert = load_certificate(cert.encode('utf-8'))
+    cert = certificate_loader(cert.encode('utf-8'))
     return cert
 
 
diff --git a/roles/ipaserver/module_utils/ansible_ipa_server.py b/roles/ipaserver/module_utils/ansible_ipa_server.py
index 8e7be0b0cba4c7618b5959cc785cea240c40e487..f1f4972b690b3fb44fd2f07a622a031088762916 100644
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -196,9 +196,10 @@ else:
 
         try:
             from ipalib.x509 import load_pem_x509_certificate
+            certificate_loader = load_pem_x509_certificate
         except ImportError:
             from ipalib.x509 import load_certificate
-            load_pem_x509_certificate = None
+            certificate_loader = load_certificate
 
         try:
             from ipaserver.install.server.install import get_min_idstart
@@ -426,10 +427,7 @@ else:
             if not cert.endswith("-----END CERTIFICATE-----"):
                 cert += "\n-----END CERTIFICATE-----"
 
-            if load_pem_x509_certificate is not None:
-                cert = load_pem_x509_certificate(cert.encode('utf-8'))
-            else:
-                cert = load_certificate(cert.encode('utf-8'))
+            cert = certificate_loader(cert.encode('utf-8'))
         else:
             cert = base64.b64decode(cert)
         return cert