diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml
index 46d0ddb9a5187274b6a0cf01507525e159907192..00b8b348900519f19ac6ec97ba44256914cc98c7 100644
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@@ -115,7 +115,7 @@
 
 # FIXME(mattymo): Use tempfile module in ansible 2.3
 - name: Gen_certs | Prepare tempfile for unpacking certs
-  shell: mktemp /tmp/certsXXXXX.tar.gz
+  command: mktemp /tmp/certsXXXXX.tar.gz
   register: cert_tempfile
   when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
         inventory_hostname != groups['etcd'][0]
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_script.yml b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
index 192787b9751f4ebfa84f9ae36bc7a38f23b9e60d..7ad280e60896a9fc72a508af27ce6b3673eafd07 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -117,7 +117,7 @@
 
 # FIXME(mattymo): Use tempfile module in ansible 2.3
 - name: Gen_certs | Prepare tempfile for unpacking certs
-  shell: mktemp /tmp/certsXXXXX.tar.gz
+  command: mktemp /tmp/certsXXXXX.tar.gz
   register: cert_tempfile
   when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]