diff --git a/tasks/main.yml b/tasks/main.yml
index b640a3c0..01232f8c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -58,7 +58,6 @@
 - import_tasks: horizon_ssl_self_signed.yml
   when:
     - horizon_enable_ssl | bool
-    - not (horizon_external_ssl | bool)
     - horizon_user_ssl_cert is not defined or horizon_user_ssl_key is not defined
   tags:
     - horizon-config
@@ -66,7 +65,6 @@
 - import_tasks: horizon_ssl_user_provided.yml
   when:
     - horizon_enable_ssl | bool
-    - not (horizon_external_ssl | bool)
   tags:
     - horizon-config
 
@@ -74,7 +72,6 @@
   command: "update-ca-certificates -f"
   when:
     - horizon_enable_ssl | bool
-    - not (horizon_external_ssl | bool)
     - ansible_facts['pkg_mgr'] == 'apt'
   tags:
     - horizon-config
diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2
index 49476f14..f6d462a1 100644
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@@ -49,7 +49,7 @@ LOGOUT_URL = '{{ horizon_logout_url }}'
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = {{ horizon_allowed_hosts | to_json }}
 
-{% if (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
+{% if horizon_external_ssl | bool %}
 # Set SSL proxy settings:
 # For Django 1.4+ pass this header from the proxy after terminating the SSL,
 # and don't forget to strip it from the client's request.
diff --git a/templates/openstack_dashboard.conf.j2 b/templates/openstack_dashboard.conf.j2
index f2c7df13..5e921776 100644
--- a/templates/openstack_dashboard.conf.j2
+++ b/templates/openstack_dashboard.conf.j2
@@ -6,7 +6,7 @@ Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
 
 # If horizon is being served via SSL from this web server,
 # then we must redirect HTTP requests to HTTPS.
-{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
+{% if (horizon_enable_ssl | bool) %}
 <VirtualHost {{ horizon_bind_address }}:{{ horizon_listen_ports.http }}>
     ServerName {{ horizon_server_name }}
     RewriteEngine On
@@ -18,13 +18,13 @@ Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
 # If horizon is being served via SSL via a load balancer, we
 # need to listen via HTTP on this web server. If SSL is not
 # enabled, then the same applies.
-<VirtualHost {{ horizon_bind_address }}:{{ ((horizon_enable_ssl | bool) and not (horizon_external_ssl | bool)) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
+<VirtualHost {{ horizon_bind_address }}:{{ (horizon_enable_ssl | bool) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
     ServerName {{ horizon_server_name }}
     LogLevel  {{ horizon_log_level }}
     ErrorLog  syslog:daemon
     CustomLog "|/usr/bin/env logger -p daemon.info -t {{ horizon_system_service_name }}" {{ horizon_apache_custom_log_format }}
     Options +FollowSymLinks
-{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
+{% if horizon_enable_ssl | bool %}
     SSLEngine on
     SSLCertificateFile    {{ horizon_ssl_cert }}
     SSLCertificateKeyFile {{ horizon_ssl_key }}
@@ -42,9 +42,9 @@ Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
     {% endif -%}
     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
 {% endif %}
-{% if (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
+{% if horizon_external_ssl | bool %}
     RequestHeader set {{ horizon_secure_proxy_ssl_header }} "https"
-{% elif not (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
+{% else %}
     RequestHeader set {{ horizon_secure_proxy_ssl_header }} "http"
 {% endif %}