diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml
index 35161bc..8a1d496 100644
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@@ -37,6 +37,7 @@
         ssh_key_bits: 256
         ssh_key_comment: '{{ item }}@{{ IP_subject_alt_name }}'
         ssh_key_passphrase: "{{ easyrsa_p12_export_password }}"
+        update_password: on_create
         state: present
         append: yes
       with_items: "{{ users }}"
@@ -82,7 +83,7 @@
       become: no
       with_items:
         - "{{ users }}"
-        
+
     - name: SSH | Get active system users
       shell: >
         getent group algo | cut -f4 -d: | sed "s/,/\n/g"
diff --git a/roles/vpn/tasks/openssl.yml b/roles/vpn/tasks/openssl.yml
index 23cde5a..542fec3 100644
--- a/roles/vpn/tasks/openssl.yml
+++ b/roles/vpn/tasks/openssl.yml
@@ -122,7 +122,9 @@
       -passout pass:"{{ easyrsa_p12_export_password }}"
     args:
       chdir: "configs/{{ IP_subject_alt_name }}/pki/"
+      creates: private/{{ item }}.p12
     with_items: "{{ users }}"
+    register: p12
 
   - name: Copy the p12 certificates
     copy:
diff --git a/users.yml b/users.yml
index a9be55e..bf25b03 100644
--- a/users.yml
+++ b/users.yml
@@ -62,7 +62,7 @@
         - debug:
             msg:
               - "{{ congrats.common.split('\n') }}"
-              - "    {{ congrats.p12_pass }}"
+              - "    {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
           tags: always
       rescue:
         - debug: var=fail_hint