diff --git a/tasks/certificate_from_private_ca.yml b/tasks/certificate_from_private_ca.yml
index 229d1cf..238524f 100644
--- a/tasks/certificate_from_private_ca.yml
+++ b/tasks/certificate_from_private_ca.yml
@@ -7,12 +7,8 @@
         ansible_common_remote_group: ansible
 
     - name: Create the certificate (delegate to the CA vm)
-      become: true
-      become_user: mkcert-ca
-      become_method: su
-      become_flags: '-s /bin/bash'
-      ansible.builtin.command:
-        cmd: mkcert -cert-file {{ mkcert_cert_name }} -key-file {{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
+      ansible.builtin.shell:
+        cmd: su - mkcert-ca -s /bin/bash mkcert -cert-file {{ mkcert_cert_name }} -key-file {{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
       args:
         chdir: /srv/mkcert-ca
         creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"