From 0020074eaa2e4493028229ab7c986b00a541c9ec Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Wed, 8 Apr 2026 19:24:39 +0200
Subject: [PATCH] Fix the CA certificates path on EL based distributions.

---
 defaults/main.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 6bcdb63..04641f0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -128,8 +128,7 @@ postgresql_letsencrypt_managed: '{% if letsencrypt_acme_install is defined and l
 psql_ssl_privkey_global_file: '{% if postgresql_letsencrypt_managed %}{{ letsencrypt_acme_sh_certificates_install_path }}/privkey{% else %}{{ pki_dir }}/keys/{{ ansible_fqdn}}-key.pem{% endif %}'
 psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
 psql_ssl_cert_file: '{% if postgresql_letsencrypt_managed %}{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain{% else %}{{ pki_dir }}/certs/{{ ansible_fqdn}}.pem{% endif %}'
-# In CentOS/RHEL is /etc/pki/tls/cert.pem
-psql_ssl_ca_file: '/etc/ssl/certs/ca-certificates.crt'
+psql_ssl_ca_file: '{% if ansible_distribution_file_variety == "Debian" %}/etc/ssl/certs/ca-certificates.crt{% elif {% if ansible_distribution_file_variety == "RedHat" %}/etc/pki/tls/cert.pem{% endif %}'
 psql_conf_ssl_parameters: 
   - { name: 'ssl', value: 'true', set: 'true' }
   - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}', set: 'true' }