diff --git a/tasks/provider-letsencrypt.yml b/tasks/provider-letsencrypt.yml
index 5f8ec2c..540324b 100644
--- a/tasks/provider-letsencrypt.yml
+++ b/tasks/provider-letsencrypt.yml
@@ -10,6 +10,18 @@
 - include_tasks: key.yml
 - include_tasks: csr.yml
 
+- name: check if the certificate will expire soon
+  command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}
+  register: _certificate_checkend
+  changed_when: _certificate_checkend.rc == 1
+  failed_when: _certificate_checkend.rc > 1
+
+- name: delete certificate when certificate is about to expire
+  file:
+    path: "{{ certificate_file }}"
+    state: absent
+  when: _certificate_checkend.rc == 1
+
 - name: letsencrypt request
   letsencrypt:
     account_key: "{{certificate_letsencrypt_account_key_file}}"