diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml
index fe132b1..5f8173d 100644
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -2,16 +2,20 @@
 
 - name: Copy systemd service to renew Let's Encrypt certs
   template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
+  tags: letsencrypt
 
 - name: Copy systemd timer to renew Let's Encrypt certs
   copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
+  tags: letsencrypt
 
 # always issues daemon-reload just in case the server/timer changed
 - name: Start and enable systemd timer to renew Let's Encrypt certs
   systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
+  tags: letsencrypt
 
 - name: Download certbot
   get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
+  tags: letsencrypt
 
 - name: Install certbot dependencies (Ubuntu 16.04)
   when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml
index 566939a..4ca136d 100644
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
@@ -32,7 +32,7 @@
   loop: "{{ nginx_vhosts }}"
   tags: wordpress
 
-- import_tasks: letsencrypt.yml
+- include_tasks: letsencrypt.yml
   when: use_letsencrypt is defined and use_letsencrypt == True
   tags: letsencrypt