diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a002d2ad7d..0f5bc1f1c4 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -62,6 +62,11 @@ parameters:
     description: >
       The content of the SSL certificate (without Key) in PEM format.
     type: string
+  PublicSSLCertificateAutogenerated:
+    default: false
+    description: >
+      Whether the public SSL certificate was autogenerated or not.
+    type: boolean
   DeployedSSLCertificatePath:
     default: '/etc/pki/tls/private/overcloud_endpoint.pem'
     description: >
@@ -81,10 +86,14 @@ parameters:
 conditions:
 
   public_tls_enabled:
-    not:
-      equals:
-      - {get_param: SSLCertificate}
-      - ""
+    or:
+    - not:
+        equals:
+        - {get_param: SSLCertificate}
+        - ""
+    - equals:
+        - {get_param: PublicSSLCertificateAutogenerated}
+        - true
 
 resources:
 
diff --git a/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml b/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml
new file mode 100644
index 0000000000..5de887c653
--- /dev/null
+++ b/releasenotes/notes/fix-public-cert-generation-41c75be0b07a48fe.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes generation public certificates for haproxy in a non-containerized
+    TLS deployment scenario.