diff --git a/automation/add_pgnode.yml b/automation/add_pgnode.yml
index b3095a22a..61ec658dd 100644
--- a/automation/add_pgnode.yml
+++ b/automation/add_pgnode.yml
@@ -111,7 +111,7 @@
 tasks_from: copy_certificate
 vars:
 tls_job: fetch
- when: tls_cert_generate|bool
+ when: tls_cert_generate | bool
 
 roles:
 - role: ansible-role-firewall
@@ -242,7 +242,7 @@
 tasks_from: copy_certificate
 vars:
 tls_job: copy
- when: tls_cert_generate|bool
+ when: tls_cert_generate | bool
 
 roles:
 - role: wal-g
diff --git a/automation/roles/tls_certificate/tasks/copy_certificate.yml b/automation/roles/tls_certificate/tasks/copy_certificate.yml
index e42bd60d1..f86ae32c8 100644
--- a/automation/roles/tls_certificate/tasks/copy_certificate.yml
+++ b/automation/roles/tls_certificate/tasks/copy_certificate.yml
@@ -4,7 +4,7 @@
 ansible.builtin.fetch:
 src: "{{ item }}"
 dest: "/tmp/tls/"
- flat: yes
+ flat: true
 loop:
 - "{{ tls_privatekey_path | default('/etc/tls/server.key') }}"
 - "{{ tls_cert_path | default('/etc/tls/server.crt') }}"
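Review bot: The fetch task still writes the node's private key to the fixed controller path `dest: "/tmp/tls/"` with no control over the resulting file mode, so the key presumably lands with the controller user's default umask in a shared, predictable temp directory; this hunk only normalizes `flat: yes` to `flat: true` and leaves that as is. A per-run directory created with `ansible.builtin.tempfile` (`state: directory`, delegated to localhost), or a `/tmp/tls/` pre-created with `mode: "0700"`, would keep the key readable only by the controller user and avoid two concurrent runs sharing the same path. The task's `name:` and the `when:` that guards it lie outside the hunk.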
@@ -13,35 +13,41 @@
 - tls_job == 'fetch'
 
 - block:
- - name: Ensure TLS directories exist
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- owner: "{{ tls_owner | default('postgres') }}"
- group: "{{ tls_owner | default('postgres') }}"
- mode: "0750"
- loop:
- - "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
- - "{{ tls_cert_path | default('/etc/tls/server.crt') | dirname }}"
+ - name: Ensure TLS directories exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ tls_owner | default('postgres') }}"
+ group: "{{ tls_owner | default('postgres') }}"
+ mode: "0750"
+ loop:
+ - "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
+ - "{{ tls_cert_path | default('/etc/tls/server.crt') | dirname }}"
 
- - name: Copy TLS certificate and key to the new node
- ansible.builtin.copy:
- src: "/tmp/tls/{{ item | basename }}"
- dest: "{{ item }}"
- loop:
- - "{{ tls_privatekey_path | default('/etc/tls/server.key') }}"
- - "{{ tls_cert_path | default('/etc/tls/server.crt') }}"
+ - name: Copy TLS certificate and key to the new node
+ ansible.builtin.copy:
+ src: "/tmp/tls/{{ item | basename }}"
+ dest: "{{ item }}"
+ loop:
+ - "{{ tls_privatekey_path | default('/etc/tls/server.key') }}"
+ - "{{ tls_cert_path | default('/etc/tls/server.crt') }}"
 
- - name: Set proper permissions for TLS files
- ansible.builtin.file:
- path: "{{ item.path }}"
- owner: "{{ tls_owner | default('postgres') }}"
- group: "{{ tls_owner | default('postgres') }}"
- mode: "{{ item.mode }}"
- state: file
- loop:
- - { path: "{{ tls_privatekey_path | default('/etc/tls/server.key') }}", mode: "0400" }
- - { path: "{{ tls_cert_path | default('/etc/tls/server.crt') }}", mode: "0644" }
+ - name: Set proper permissions for TLS files
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ owner: "{{ tls_owner | default('postgres') }}"
+ group: "{{ tls_owner | default('postgres') }}"
+ mode: "{{ item.mode }}"
+ state: file
+ loop:
+ - { path: "{{ tls_privatekey_path | default('/etc/tls/server.key') }}", mode: "0400" }
+ - { path: "{{ tls_cert_path | default('/etc/tls/server.crt') }}", mode: "0644" }
+
+ - name: Delete TLS certificate and key from the ansible controller
+ ansible.builtin.file:
+ path: "/tmp/tls/"
+ state: absent
+ delegate_to: localhost
 when:
 - tls_job is defined
 - tls_job == 'copy'
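Review bot: The re-indented `Copy TLS certificate and key to the new node` task still copies the private key with no `owner`, `group` or `mode`, so the file on the new node is presumably created with the remote umask and stays readable to other local users until the following `Set proper permissions for TLS files` task tightens it to `0400`. Adding `owner: "{{ tls_owner | default('postgres') }}"`, `group: "{{ tls_owner | default('postgres') }}"` and `mode: "0400"` to the copy task closes that window; the permissions task afterwards still relaxes the certificate to `0644`, so it can stay as written. The new `Delete TLS certificate and key from the ansible controller` task is the last step of the block, so a failure in the copy or permissions tasks skips it and leaves the key in `/tmp/tls/` on the controller; running the deletion from an `always:` section of the block would make the cleanup unconditional.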