diff --git a/roles/tsg-diagnose_sync_ca/tasks/main.yml b/roles/tsg-diagnose_sync_ca/tasks/main.yml
index c1e2dcf..1d30505 100644
--- a/roles/tsg-diagnose_sync_ca/tasks/main.yml
+++ b/roles/tsg-diagnose_sync_ca/tasks/main.yml
@@ -1,8 +1,3 @@
-- name: "Tsg-diagnose:copy cert file to device"
-  copy:
-    src: '{{ role_path }}/files/tsg_diagnose_ca.pem'
-    dest: /opt/tsg/tfe/resource/tfe/
-
 - name: "tsg-diagnose: rsync badssl ca certs"
   shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/
   ignore_errors: true
@@ -10,3 +5,11 @@
 - name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle"
   shell: cat /tmp/sync/ca-root.crt > /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem && cat /tmp/sync/wpr_cert.pem >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem
   ignore_errors: true
+  register: result_tsg-diagnose_sync-cert-shell
+
+
+- name: "Tsg-diagnose:copy cert file to device"
+  copy:
+    src: '{{ role_path }}/files/tsg_diagnose_ca.pem'
+    dest: /opt/tsg/tfe/resource/tfe/
+  when: result_tsg-diagnose_sync-cert-shell.rc==1