diff --git a/openvpn/tasks/openvpn.yml b/openvpn/tasks/openvpn.yml
index 341d4621..a3935d0d 100644
--- a/openvpn/tasks/openvpn.yml
+++ b/openvpn/tasks/openvpn.yml
@@ -52,11 +52,6 @@
     creates: '{{ openvpn_conf_dir }}/ta.key'
   tags: openvpn
 
-- name: Install the alternate CA file
-  copy: src=ca.pem dest={{ openvpn_conf_dir }}/{{ openvpn_alternative_ca_name }}
-  when: openvpn_install_alternative_ca
-  tags: openvpn
-
 - name: Ensure that the OpenVPN service is enabled and running
   service: name=openvpn state=started enabled=yes
   when: openvpn_enabled
diff --git a/openvpn/files/ca.pem b/ubuntu-deb-general/files/infn-letsencrypt-ca.crt
similarity index 100%
rename from openvpn/files/ca.pem
rename to ubuntu-deb-general/files/infn-letsencrypt-ca.crt
diff --git a/ubuntu-deb-general/tasks/install_external_ca_cert.yml b/ubuntu-deb-general/tasks/install_external_ca_cert.yml
index 7a4ac2d1..a2ed6e38 100644
--- a/ubuntu-deb-general/tasks/install_external_ca_cert.yml
+++ b/ubuntu-deb-general/tasks/install_external_ca_cert.yml
@@ -6,3 +6,6 @@
   notify: Update the CA bundle list
   tags: ca
 
+- name: Install a CA file that contains both the letsencrypt complete chain and the INFN CA certs
+  copy: src=infn-letsencrypt-ca.crt dest={{ pki_dir }}/infn-letsencrypt-ca.crt
+  tags: ca
diff --git a/ubuntu-deb-general/tasks/pki-basics.yml b/ubuntu-deb-general/tasks/pki-basics.yml
index fd878c4e..0f61970b 100644
--- a/ubuntu-deb-general/tasks/pki-basics.yml
+++ b/ubuntu-deb-general/tasks/pki-basics.yml
@@ -25,9 +25,6 @@
     - letsencrypt_acme_user_home is defined
   tags: [ 'pki', 'ssl', 'letsencrypt' ]
 
-# 20160506121714 [WARN] fdb: "keys/fakeselfsignedcert" has wrong mode -rwxr-xr-x, changing to -rwx------
-# 20160506121714 [WARN] fdb: "keys/fakeselfsignedcert/privkey" has wrong mode -rw-r--r--, changing to -rw-------
-
 - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the certificate and private key
   command: openssl req -x509 -newkey rsa:2048 -keyout {{ letsencrypt_acme_user_home }}/keys/fakeselfsignedcert/privkey -out {{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/cert -days 10 -nodes -subj '/CN=self signed certificate'
   args: