diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml
index 694bb83..ffaa706 100644
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@@ -209,3 +209,13 @@
     - gencrl.changed
   notify:
     - rereadcrls
+
+- name: Delete the CA key
+  local_action:
+    module: file
+    path: "{{ ipsec_pki_path }}/private/cakey.pem"
+    state: absent
+  become: false
+  when:
+    - ipsec_enabled
+    - not algo_store_cakey
diff --git a/server.yml b/server.yml
index 4032683..349150c 100644
--- a/server.yml
+++ b/server.yml
@@ -37,16 +37,6 @@
         tags: ssh_tunneling
 
       - block:
-        - name: Delete the CA key
-          local_action:
-            module: file
-            path: "{{ ipsec_pki_path }}/private/cakey.pem"
-            state: absent
-          become: false
-          when:
-            - ipsec_enabled
-            - not algo_store_cakey
-
         - name: Dump the configuration
           local_action:
             module: copy