diff --git a/tasks/renew-cert.yaml b/tasks/renew-cert.yaml
index 90e0fb582361b80da913e1b27aa8533e4e67718f..5531dcf34a5a173e90ec000998d8aae3f277acf7 100644
--- a/tasks/renew-cert.yaml
+++ b/tasks/renew-cert.yaml
@@ -134,13 +134,23 @@
   notify: '{{ handlers|default([]) }}'
 
 - name: Generate Diffie-Hellman parameters on {{ host }}
-  delegate_to: *delegate_to
-  community.crypto.openssl_dhparam:
-    force: true
-    mode: 0o0644
-    path: /var/ssl/dhparams
-    size: 4096
-    state: present
-  notify: '{{ handlers|default([]) }}'
   tags:
     - dhparams
+  delegate_to: *delegate_to
+  block:
+    - name: Get dhparams file stat
+      ansible.builtin.stat:
+        path: &dhparams /var/ssl/dhparams
+      register: dhparams_stat
+
+    - name: Generate Diffie-Hellman parameters on {{ host }}
+      community.crypto.openssl_dhparam:
+        # yamllint disable rule:line-length
+        force: |-
+          {{ (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 0 }}
+        # yamllint enable rule:line-length
+        mode: 0o0644
+        path: *dhparams
+        size: 4096
+        state: present
+      notify: '{{ handlers|default([]) }}'