Manage a generic CA cert file, provided via a URL.

library/roles/ubuntu-deb-general/defaults/main.yml

@@ -101,6 +101,7 @@ pki_dir: /etc/pki
 pki_subdirs:
   - certs
   - keys
+pki_install_a_custom_ca: False
   
 # Install our /etc/resolv.conf
 install_resolvconf: True

library/roles/ubuntu-deb-general/tasks/install_external_ca_cert.yml

@@ -6,6 +6,7 @@
   notify: Update the CA bundle list
   tags: ca
 
-- name: Install a CA file that contains both the letsencrypt complete chain, the INFN CA certs and the TERENA personal certs CA
-  copy: src=infn-letsencrypt-ca.crt dest={{ pki_dir }}/infn-letsencrypt-ca.crt
+- name: Install a CA file with the certificates that we need. From a URL
+  get_url: url={{ pki_custom_ca_url }} dest={{ pki_dir }}/{{ pki_custom_ca_filename }}
+  when: pki_install_a_custom_ca | bool
   tags: ca