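---
# Issue a TLS certificate on the private mkcert CA host, then install the
# certificate and its private key on the target host under {{ pki_dir }}.
#
# Variables read here: mkcert_ca_host, mkcert_cert_name, mkcert_key_name,
# mkcert_dsn_and_ip_list, pki_dir.
# NOTE(review): become_user is set on the delegated tasks without become: true
# — assumes become is enabled at play level; confirm.
- name: Create the certificate using the private CA
  tags: [pki, tls, tls_certificate]
  block:
    - name: Create the certificate (delegate to the CA vm)
      become_user: mkcert-ca
      # command (not shell): the rendered variables are split into argv
      # without shell interpretation.
      ansible.builtin.command:
        cmd: >-
          mkcert -cert-file {{ mkcert_cert_name }}
          -key-file {{ mkcert_key_name }}
          {{ mkcert_dsn_and_ip_list }}
        # Pin the working directory so the relative -cert-file/-key-file
        # paths and the creates check below agree on /srv/mkcert-ca.
        chdir: /srv/mkcert-ca
        creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"
      delegate_to: "{{ mkcert_ca_host }}"

- name: Manage the certificate installation
  tags: [pki, tls, tls_certificate]
  block:
    - name: Get the certificate and its key from the CA server
      become_user: mkcert-ca
      ansible.builtin.fetch:
        src: "/srv/mkcert-ca/{{ item }}"
        dest: "files/{{ item }}"
        # Without flat, fetch nests dest as files/<item>/<host>/srv/mkcert-ca/<item>,
        # which the copy tasks below would not find.
        flat: true
      loop:
        - "{{ mkcert_cert_name }}"
        - "{{ mkcert_key_name }}"
      delegate_to: "{{ mkcert_ca_host }}"

    - name: Copy the certificate to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_cert_name }}"
        dest: "{{ pki_dir }}/certs/{{ mkcert_cert_name }}"
        owner: root
        group: root
        # Quoted: an unquoted leading-zero mode is parsed as a decimal int.
        mode: "0444"

    - name: Copy the private key to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_key_name }}"
        dest: "{{ pki_dir }}/keys/{{ mkcert_key_name }}"
        owner: root
        group: root
        # Root-only readable on the target; the fetched copy stays in files/
        # on the control node after the play and needs the same protection.
        # NOTE(review): consider diff: false / no_log so key bytes are not
        # echoed in diff mode — confirm with the play's logging policy.
        mode: "0440"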