diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 6ad0b1a4684d4e0f37cf22bc0df511e302ae1e92..2a0b1215bf959fb2323b431c091d5e6804c67779 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -19,12 +19,13 @@
 - include_tasks: kubeconfig.yml
   when: state != 'absent' and 'master' in group_names
 
-#- include_tasks: rotate_encryption.yml
-#  when: state != 'absent' and 'control-plane' in group_names and (rotate != 'absent')
-
 - include_tasks: fix_selinux.yml
   when: state != 'absent' and 'control-plane' in group_names 
 
 - name: uninstall rke2
   command: rke2-uninstall.sh
   when: rke2_installed.stat.exists and state == 'absent'
+
+
+#- include_tasks: rotate_encryption.yml
+#  when: state != 'absent' and 'control-plane' in group_names and (rotate != 'absent')
diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index db99315d6305027b09021c8e4f62459d2b8d2810..b907aea543498fff0e15891a5f63c1a74373928d 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -70,17 +70,6 @@
   selinux:
     policy: targeted
     state: permissive
-    #state: enforcing
-
-
-#Download the mozilla root CA into the right directory, and update the trust chain
-#- name: Download root CA
-#  get_url:
-#    url: https://curl.se/ca/cacert.pem
-#    dest: /etc/ssl/certs
-
-#- name: Update CA trust
-#  shell: update-ca-trust
 
 
 - name: Ensure /var/lib/rancher/rke2/server/manifests
@@ -94,17 +83,3 @@
     path: /etc/rancher/rke2
     state: directory
     recurse: yes
-
-#- name: upgrade packages
-#  apt: 
-#    name: "*"
-#    state: latest
-#  register: update_packages
-#  when: dist_upgrade
-
-#- name: reboot vm
-#  throttle: 1
-#  reboot:
-#    reboot_timeout: 300
-#    post_reboot_delay: 60
-#  when: update_packages.changed 
\ No newline at end of file