diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 343ce2a6739585d8e5297b9b95e21a128b293ebd..30f9da2102e074b9317397d9ad7fabf77a3fa380 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -449,6 +449,16 @@
 
     when: not result_ipaserver_setup_ca.csr_generated | bool
 
+  always:
+  - name: Cleanup temporary files
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - "/etc/ipa/.tmp_pkcs12_dirsrv"
+    - "/etc/ipa/.tmp_pkcs12_http"
+    - "/etc/ipa/.tmp_pkcs12_pkinit"
+
   when: not ansible_check_mode and not
         (not result_ipaserver_test.changed and
          (result_ipaserver_test.client_already_configured is defined or