diff --git a/tasks/certificate_from_private_ca.yml b/tasks/certificate_from_private_ca.yml
index cd8223b..7201ad0 100644
--- a/tasks/certificate_from_private_ca.yml
+++ b/tasks/certificate_from_private_ca.yml
@@ -6,7 +6,18 @@
 ansible.builtin.set_fact:
 ansible_common_remote_group: ansible
 
- - name: certificate_from_private_ca | Create the certificate (delegate to the CA vm)
+ - name: certificate_from_private_ca | Remove the already existing certificates from the CA archive (delegate to the CA server)
+ ansible.builtin.file:
+ path: "/srv/mkcert-ca/{{ item }}"
+ state: absent
+ loop:
+ - "{{ mkcert_cert_name }}"
+ - "{{ mkcert_key_name }}"
+ - "client-{{ mkcert_cert_name }}"
+ - "client-{{ mkcert_key_name }}"
+ delegate_to: "{{ mkcert_ca_host }}"
+ 
+ - name: certificate_from_private_ca | Create the certificate (delegate to the CA server)
 ansible.builtin.command:
 cmd: mkcert -cert-file /srv/mkcert-ca/{{ mkcert_cert_name }} -key-file /srv/mkcert-ca/{{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
 args:
@@ -16,9 +27,9 @@
 CAROOT: /srv/mkcert-ca/.local/share/mkcert
 delegate_to: "{{ mkcert_ca_host }}"
 
- - name: certificate_from_private_ca | Create a certificate able to do client authentication (delegate to the CA vm)
+ - name: certificate_from_private_ca | Create a certificate able to do client authentication (delegate to the CA server)
 ansible.builtin.command:
- cmd: mkcert -client -cert-file /srv/mkcert-ca/client-{{ mkcert_cert_name }} -key-file /srv/mkcert-ca/client-{{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
+ cmd: mkcert -client -cert-file /srv/mkcert-ca/client-{{ mkcert_cert_name }} -key-file /srv/mkcert-ca/client-{{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }} # yamllint disable-line rule:line-length
 args:
 chdir: /srv/mkcert-ca
 creates: "/srv/mkcert-ca/client-{{ mkcert_cert_name }}"
@@ -47,7 +58,7 @@
 dest: "{{ mkcert_cert_dest_path }}"
 owner: root
 group: root
- mode: 0444
+ mode: "0444"
 loop:
 - "{{ mkcert_cert_name }}"
 - "client-{{ mkcert_cert_name }}"
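Review bot: The new removal task in the first hunk builds `path: "/srv/mkcert-ca/{{ item }}"` with `state: absent` and nothing checks the loop values, so if `mkcert_cert_name` or `mkcert_key_name` expands to an empty string the path becomes the `/srv/mkcert-ca/` directory itself and `ansible.builtin.file` removes it recursively, taking the CAROOT under `/srv/mkcert-ca/.local/share/mkcert` (visible in the second hunk) with it; a value containing `/` would likewise point the deletion outside the archive. An `ansible.builtin.assert` task placed before the removal, rejecting empty or slash-containing names, closes this and costs nothing on the happy path. Separately, unconditionally deleting the files before the mkcert tasks makes the `creates:` guard in the second hunk dead code, so every run mints a new private key and the play is no longer idempotent; if re-issue on every run is intended, a comment such as `# Always regenerate: the creates: guard below never fires because the files were just removed` on the removal task would document that, otherwise gate the removal on a variable like `mkcert_regenerate | default(false)`.
```yaml
- name: certificate_from_private_ca | Refuse to run with empty or path-like certificate names
  ansible.builtin.assert:
    that:
      - mkcert_cert_name | length > 0
      - mkcert_key_name | length > 0
      - "'/' not in mkcert_cert_name"
      - "'/' not in mkcert_key_name"
    fail_msg: "mkcert_cert_name and mkcert_key_name must be plain, non-empty file names"

# … unchanged: Remove the already existing certificates task …
```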
@@ -58,7 +69,7 @@
 dest: "{{ mkcert_key_dest_path }}"
 owner: root
 group: root
- mode: 0440
+ mode: "0440"
 loop:
 - "{{ mkcert_key_name }}"
 - "client-{{ mkcert_key_name }}"