diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index 65ff584d5d33b67839190fcc7da52766d9c64f12..307c2b32243823e58c392074aac081d7c62d423e 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -72,7 +72,15 @@
 #     policy: targeted
 #     state: permissive
 #   when: ( 'control-plane' in group_names )
-
+#Download the mozilla root CA into the right directory, and update the trust chain
+- name: Download root CA
+  get_url:
+    url: https://curl.se/ca/cacert.pem
+    dest: /etc/ssl/certs
+
+- name: Update CA trust
+  shell: update-ca-trust
+  
 - name: Disable SELinux
   selinux:
     policy: targeted