diff --git a/roles/nginx/site/tasks/main.yml b/roles/nginx/site/tasks/main.yml
index b66649c..d6c7cc3 100644
--- a/roles/nginx/site/tasks/main.yml
+++ b/roles/nginx/site/tasks/main.yml
@@ -38,6 +38,7 @@
     mode: 0644
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: /usr/bin/openssl x509 -in %s -noout
   with_first_found:
     - "/srv/letsencrypt/live/{{ site }}/fullchain.pem"
     - "/srv/ca/certs/{{ site }}.crt"