diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml
index d5231c3b697e3c6e1a4f3c56805bf2938d35082a..b6163a22b37e834eaa6225bfa739462bd05d25aa 100644
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@@ -97,13 +97,22 @@
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
 
+- name: Contiv | Check for cert key existence
+  stat:
+    path: /var/contiv/auth_proxy_key.pem
+  register: contiv_certificate_key_state
+  when:
+    - contiv_enable_api_proxy
+    - contiv_generate_certificate
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
+
 - name: Contiv | Generate contiv-api-proxy certificates
-  script: /var/contiv/generate-certificate.sh
-  args:
-    creates: /var/contiv/auth_proxy_key.pem
+  command: /var/contiv/generate-certificate.sh
   when:
     - contiv_enable_api_proxy
     - contiv_generate_certificate
+    - (not contiv_certificate_key_state.stat.exists)
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true