send the cert in the right file and clean localhost

example.yml

@@ -4,5 +4,5 @@
   roles:
     - generate-cert
   vars:
-    directory: /tmp/test-pki
+    directory: /etc/nginx/certs/
-    cname: test-client
+    cname: example.com

roles/generate-cert/tasks/main.yml

@@ -79,6 +79,15 @@
     mode: "{{ key_mode | default('u=rw,g=,o=') }}"
   when: not key_file.stat.exists
 
+- name: Send certificate to the server
+  copy:
+    src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
+    dest: "{{ directory }}/{{ cname }}.crt"
+    owner: "{{ owner | default('root') }}"
+    group: "{{ group | default('root') }}"
+    mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
+  when: not key_file.stat.exists
+
 # Clean up
 - name: Remove the local cert key
   become: false
@@ -95,3 +104,27 @@
     state: absent
   delegate_to: localhost
   when: not key_file.stat.exists
+
+- name: Remove the local certificate
+  become: false
+  file:
+    path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Remove the CA certificate
+  become: false
+  file:
+    path: /tmp/ansible_hacky_pki_ca.crt
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Remove the CA key
+  become: false
+  file:
+    path: /tmp/ansible_hacky_pki_ca.key
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists