diff --git a/ansible/roles/tlscert_existing/defaults/main.json b/ansible/roles/tlscert_existing/defaults/main.json
new file mode 100644
index 0000000..0a042c4
--- /dev/null
+++ b/ansible/roles/tlscert_existing/defaults/main.json
@@ -0,0 +1,7 @@
+{
+	"var_tlscert_existing_key_path": "/tmp/key.pem",
+	"var_tlscert_existing_cert_path": "/tmp/cert.pem",
+	"var_tlscert_existing_domain_base": "example.org",
+	"var_tlscert_existing_domain_path": "foo",
+	"var_tlscert_existing_ssl_directory": "/etc/ssl"
+}
diff --git a/ansible/roles/tlscert_existing/tasks/main.json b/ansible/roles/tlscert_existing/tasks/main.json
new file mode 100644
index 0000000..9b3ad3e
--- /dev/null
+++ b/ansible/roles/tlscert_existing/tasks/main.json
@@ -0,0 +1,32 @@
+[
+	{
+		"name": "directories",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "{{item}}"
+		},
+		"loop": [
+			"{{var_tlscert_existing_ssl_directory}}/private",
+			"{{var_tlscert_existing_ssl_directory}}/csr",
+			"{{var_tlscert_existing_ssl_directory}}/certs",
+			"{{var_tlscert_existing_ssl_directory}}/fullchains"
+		]
+	},
+	{
+		"name": "key",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_key_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	},
+	{
+		"name": "cert",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_cert_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	}
+]