diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index 722a266..07005f3 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -110,6 +110,11 @@ where: ca.crt.tpl notify: restart consul-template-nomad + tags: nomad + +- when: nomad_vault_tls.enabled and nomad_conf.server.enabled + block: + - name: Deploy consul-template cli cert template template: src=cli_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root loop:
diff --git a/roles/nomad/templates/consul-template.hcl.j2 b/roles/nomad/templates/consul-template.hcl.j2
index 8bc033c..0967853 100644
--- a/roles/nomad/templates/consul-template.hcl.j2
+++ b/roles/nomad/templates/consul-template.hcl.j2
@@ -35,8 +35,10 @@ template { exec { command = "systemctl reload nomad" } + } +{% if nomad_conf.server.enabled %} template { source = "{{ nomad_root_dir }}/consul-template/cli.crt.tpl" left_delimiter = "[["
@@ -51,4 +53,4 @@ template {
 destination = "{{ nomad_root_dir }}/tls/cli.key"
 perms = 0640
 }
-
+{% endif %}
diff --git a/roles/nomad/templates/profile.sh.j2 b/roles/nomad/templates/profile.sh.j2
index b4697bf..1a135bb 100644
--- a/roles/nomad/templates/profile.sh.j2
+++ b/roles/nomad/templates/profile.sh.j2
@@ -1,9 +1,11 @@
-{% if nomad_conf.tls.http %}
+{% if nomad_conf.tls.http and nomad_conf.server.enabled %}
 export NOMAD_ADDR=https://localhost:{{ nomad_services.http.port }}
 export NOMAD_CACERT={{ nomad_conf.tls.ca_file }}
 {% if nomad_vault_tls.enabled %}
 export NOMAD_CLIENT_CERT={{ nomad_root_dir }}/tls/cli.crt
 export NOMAD_CLIENT_KEY={{ nomad_root_dir }}/tls/cli.key
-export NOMAD_TLS_SERVER_NAME={{ nomad_conf.server.enabled | ternary('server', 'client') }}.global.nomad
+export NOMAD_TLS_SERVER_NAME=server.{{ nomad_conf.region }}.nomad
 {% endif %}
+{% else %}
+# TLS not enabled or not running in server mode
 {% endif %}
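Review bot: Nodes that ran this role as clients before this change keep `{{ nomad_root_dir }}/tls/cli.key` and `cli.crt` on disk, because the new `when: nomad_vault_tls.enabled and nomad_conf.server.enabled` block in roles/nomad/tasks/conf.yml only stops deploying the template and nothing visible removes what earlier runs wrote. Once consul-template no longer carries the stanza, that key is presumably no longer renewed but stays usable until the certificate expires. I would add a cleanup task for non-server nodes, e.g. `- file: path={{ nomad_root_dir }}/tls/{{ item }} state=absent` with `loop: [cli.crt, cli.key]` and `when: not nomad_conf.server.enabled`. The block continues past the end of the hunk, so a cleanup may already exist further down.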
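Review bot: The guard added before the `cli.crt.tpl` stanza in roles/nomad/templates/consul-template.hcl.j2 tests only `nomad_conf.server.enabled`, while the task that installs that template source in tasks/conf.yml also requires `nomad_vault_tls.enabled`. If this file can be rendered with Vault TLS disabled (not visible here), consul-template would be pointed at a source that was never deployed. Either use the same expression, `{% if nomad_vault_tls.enabled and nomad_conf.server.enabled %}`, or add a Jinja comment above the guard such as `{# keep in sync with the cli cert task in tasks/conf.yml and with profile.sh.j2 #}`. The matching `{% endif %}` is in the following hunk.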
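Review bot: `NOMAD_TLS_SERVER_NAME=server.{{ nomad_conf.region }}.nomad` in roles/nomad/templates/profile.sh.j2 now depends on `nomad_conf.region` being set, where the removed line hard-coded `global`. If the role defaults do not define it (not visible in this diff), rendering either fails or yields a name that does not match the server certificate, and the CLI's hostname verification then fails for every operator shell. A fallback keeps the previous behaviour: `export NOMAD_TLS_SERVER_NAME=server.{{ nomad_conf.region | default('global', true) }}.nomad`.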