diff --git a/common/files/rwth_chain_sha1.pem b/common/files/rwth_chain_sha1.pem
deleted file mode 100644
index 052f807ecbb36b9e086cd82d9ccd1a9759cad7c2..0000000000000000000000000000000000000000
Binary files a/common/files/rwth_chain_sha1.pem and /dev/null differ
diff --git a/common/tasks/tls.yml b/common/tasks/tls.yml
index fccdab1b4994ae38aed60ab56a4ea7dbb6a1c309..916b4bf4e881f169a41e48ac68af68504ad8ea99 100644
--- a/common/tasks/tls.yml
+++ b/common/tasks/tls.yml
@@ -7,28 +7,13 @@
     - packages
     - tls
 
-- name: ensure RWTH CA chains are installed
+- name: ensure the sha2 rwth chain is available
   copy:
-    src: "{{item}}.pem"
-    dest: "/etc/ssl/certs/{{item}}.pem"
-    owner: root
-    group: root
-    mode: 0644
-  with_items:
-    - rwth_chain_sha1
-    - rwth_chain_sha2
-  tags:
-    - tls
-    - rwth
-
-- name: ensure we symlink the default RWTH CA chain
-  file:
-    src: /etc/ssl/certs/rwth_chain_sha1.pem
+    src: rwth_chain_sha2.pem
     dest: /etc/ssl/certs/rwth_chain.pem
-    state: link
     owner: root
     group: root
-    force: yes
+    mode: 0644
   tags:
     - tls
     - rwth