diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 96c60f0..0e2a31f 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -30,6 +30,13 @@
     owner: root
     group: "{{ ansible_wheel }}"
 
+- name: create full chain of host certficate and ca
+  shell: "cat {{ tls_certs }}/{{ inventory_hostname }}.crt \
+   {{ tls_certs }}/ca.crt > \
+   {{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
+  args:
+    creates: "{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
+
 - name: copy host key
   copy:
     src: "/srv/ca/private/{{ inventory_hostname }}.key"