diff --git a/Ansible/tasks/renew-cert.yaml b/Ansible/tasks/renew-cert.yaml
index c8f15f82cd17db9f80eb0013d4cae7654c080df2..00bf385a06ec82829cad60383e916cbe6c80addf 100644
--- a/Ansible/tasks/renew-cert.yaml
+++ b/Ansible/tasks/renew-cert.yaml
@@ -12,6 +12,11 @@
   tags:
     - always
 
+- name: Calculate the time 1 year ago (for regenerating long-term keys)
+  ansible.builtin.set_fact:
+    one_year_ago: |-
+      {{ ansible_facts.date_time.epoch|int - (60*60*24*365) }}
+
 - name: Get account key file stat
   ansible.builtin.stat:
     path: &account_key_src account.key
@@ -23,7 +28,7 @@
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{ account_key_stat.stat.exists and (ansible_facts.date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{ account_key_stat.stat.exists and account_key_stat.stat.mtime|int < one_year_ago }}
     # yamllint enable rule:line-length
     mode: 0o0600
     path: *account_key_src
@@ -61,7 +66,7 @@
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{  host_key_stat.stat.exists and (ansible_facts.date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{  host_key_stat.stat.exists and host_key_stat.stat.mtime|int < one_year_ago }}
     # yamllint enable rule:line-length
     mode: &mode 0o0600
     path: *key_src
@@ -180,7 +185,7 @@
       community.crypto.openssl_dhparam:
         # yamllint disable rule:line-length
         force: |-
-          {{ dhparams_stat.stat.exists and (ansible_facts.date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
+          {{ dhparams_stat.stat.exists and dhparams_stat.stat.mtime|int < one_year_ago }}
         # yamllint enable rule:line-length
         mode: 0o0644
         path: *dhparams