diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0f64fa6b86dd7d678e30f20321de5b764e078914..79eed55387f0f117c890cdc5aea67bb32d50e335 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,10 +22,11 @@ test-job:
     - "shell"
   script:
     # make sure that Ansible Vaults are present and can be decrypted
-    - echo "${VAULT_VALIDATORS}" > ../../../lza_validators.pass
+    - echo "${VAULT_VALIDATORS}" > ../lza_validators.pass
     - export ANSIBLE_VAULT_IDENTITY_LIST="../../../lza_validators.pass"
     - rm -rf ../ansible_vaults/
-    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/;
+    - for FILE in $( find / -name "lza_validators.pass" ); do ls -l $FILE; done
     # run Molecule tests
     - molecule syntax --scenario-name default
     # We cannot use `molecule lint` anymore because:
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index 97b9286696fc51469c4712d5faca95bd4b4ed1bd..7c0df0cd5459e986fac53e7377c2930156b407ae 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -95,6 +95,7 @@
           loop:
             - "/usr/share/ca-certificates/{{ ansible_hostname }}-selfsigned.crt"
             - "/etc/ssl/certs/{{ ansible_hostname }}-selfsigned.crt"
+            - "/etc/ssl/certs/server.pem"
           changed_when: false    # I don't have any idea why this isn't idempotent.
         - name: >
             configure ca-certificates.conf to include our self-signed certificate