diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 1d64dd0f1..97c6f7226 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -20,7 +20,7 @@
 - name: "Check certs | check if a cert already exists"
   stat:
     path: "{{ kube_cert_dir }}/ca.pem"
-  register: kubecert 
+  register: kubecert
 
 - name: "Check_certs | Set 'sync_certs' to true"
   set_fact:
@@ -28,8 +28,8 @@
   when: >-
       {%- set certs = {'sync': False} -%}
       {%- for server in play_hosts
-         if (not hostvars[server].kubecert.stat.exists) or
-         (hostvars[server].kubecert.stat.checksum != kubecert_master.stat.checksum|default('')) -%}
+         if (not hostvars[server].kubecert.stat.exists|default(False)) or
+         (hostvars[server].kubecert.stat.checksum|default('') != kubecert_master.stat.checksum|default('')) -%}
          {%- set _ = certs.update({'sync': True}) -%}
       {%- endfor -%}
       {{ certs.sync }}