do not download cacert.pem, but generate it

roles/copr/mbs/tasks/main.yml

@@ -96,16 +96,18 @@
 - name: Obtain client_secrets.json
   get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/conf/client_secrets.json dest=/etc/module-build-service/
 
-# @TODO Should be packaged in module-build-service package? Or should already exist on copr-frontend instance?
-- name: Obtain cacert.pem
-  get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/conf/cacert.pem dest=/etc/module-build-service/cacert.pem
-
-
 - name: Upgrade database
   command: mbs-upgradedb
 
 - name: Generate cert
   command: mbs-gencert
+  args:
+    creates: /etc/module-build-service/server.crt
+
+- name: generate cacert.pem
+  shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
+  args:
+    creates: /etc/module-build-service/cacert.pem
 
 - name: Chown /etc/module-build-service to mbs:mbs
   file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w