unbound-control: no certificates for local use

roles/unbound/tasks/main.yml

@@ -19,22 +19,6 @@
     state: present
   register: unbound_install
 
-- name: check if unbound-control certificate exists
-  stat:
-    path: /etc/unbound/unbound_control.pem
-  register: ubc_control_pem
-
-
-- name: check if unbound server certificate exists
-  stat:
-    path: /etc/unbound/unbound_server.pem
-  register: ubc_server_pem
-
-- name: run unbound-control-setup if a certificate is missing
-  command: unbound-control-setup
-  become: yes
-  when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
-
 - name: add unbound-control configuration
   template:
     src: unbound-control.conf.j2

roles/unbound/templates/unbound-control.conf.j2

@@ -10,14 +10,6 @@ remote-control:
     # port number for remote control operations.
     control-port: 8953
    
-    # unbound server key file.
+    # Disable the use of certificates for unbound-control.
-    server-key-file: "/etc/unbound/unbound_server.key"
+    # It's only listening locally, there's no need for the added complexity.
-   
+    control-use-cert: "no"
-    # unbound server certificate file.
-    server-cert-file: "/etc/unbound/unbound_server.pem"
-   
-    # unbound-control key file.
-    control-key-file: "/etc/unbound/unbound_control.key"
-   
-    # unbound-control certificate file.
-    control-cert-file: "/etc/unbound/unbound_control.pem"