diff --git a/roles/sshca/files/signcert.sh b/roles/sshca/files/signcert.sh
deleted file mode 100755
index 3d237dd..0000000
--- a/roles/sshca/files/signcert.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-umask 022
-
-if [ $# -ne 1 ]; then
- echo "Usage: $(basename "$0") " 1>&2
- exit 1
-fi
-
-_basedir="/srv/sshca"
-_name="$1"
-
-if ! echo "$_name" | grep -Eq '.foo.sh$'; then
- echo "ERROR: Only '*.foo.sh' certificates are allowed" 1>&2
- exit 1
-fi
-
-if [ ! -f "/srv/ansible/facts/${_name}" ]; then
- echo "ERROR: Cannot find host '${_name}'" 1>&2
- exit 1
-fi
-
-ssh-keygen -s "${_basedir}/ca/ca" -I "$_name" -n "$_name" -V -5m:+365d -h \
- "${_basedir}/pubkeys/${_name}.pub"
diff --git a/roles/sshca/tasks/main.yml b/roles/sshca/tasks/main.yml
index d55c742..41edb8b 100644
--- a/roles/sshca/tasks/main.yml
+++ b/roles/sshca/tasks/main.yml
@@ -34,11 +34,3 @@
 mode: "0755"
 owner: root
 group: "{{ ansible_wheel }}"
-
-- name: Copy signing script
- ansible.builtin.copy:
- dest: /srv/sshca/signcert.sh
- src: signcert.sh
- mode: "0755"
- owner: root
- group: "{{ ansible_wheel }}"