Merge
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 04234ba..238591d 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -21,33 +21,20 @@
   - name: stop openvpn
     shell: killall openvpn || true
 
-  - name: erase server key
-    shell: rm -f server.key
+  - name: make sure /opt/openvpn exists
+    file: path=/opt/openvpn state=directory
 
-  - name: write server key
-    shell: echo {{ '{{' }} item {{ '}}' }} >> server.key
-    with_items: {{ server_key }}
+  - name: get server key
+    copy: src=/opt/openvpn/easyrsa3/pki/private/server.key dest=/opt/openvpn/server.key
 
-  - name: erase server crt
-    shell: rm -f server.crt
+  - name: get server crt
+    copy: src=/opt/openvpn/easyrsa3/pki/issued/server.crt dest=/opt/openvpn/server.crt
 
-  - name: write server crt
-    shell: echo {{ '{{' }} item {{ '}}' }} >> server.crt
-    with_items: {{ server_crt }}
+  - name: get ca crt
+    copy: src=/opt/openvpn/easyrsa3/pki/ca.crt dest=/opt/openvpn/ca.crt
 
-  - name: erase ca crt
-    shell: rm -f ca.crt
-
-  - name: write ca crt
-    shell: echo {{ '{{' }} item {{ '}}' }} >> ca.crt
-    with_items: {{ ca_crt }}
-
-  - name: erase dh
-    shell: rm -f dh.pem
-
-  - name: write dh
-    shell: echo {{ '{{' }} item {{ '}}' }} >> dh.pem
-    with_items: {{ dh }}
+  - name: get dh
+    copy: src=/opt/openvpn/easyrsa3/pki/dh.pem dest=/opt/openvpn/dh.pem
 
   - name: erase config
     shell: rm -f server.conf
@@ -65,9 +52,10 @@
        port 1194
        proto udp
        dev tun
-       cert server.crt
-       key server.key
-       dh dh.pem
+       ca /opt/openvpn/ca.crt
+       cert /opt/openvpn/server.crt
+       key /opt/openvpn/server.key
+       dh /opt/openvpn/dh.pem
        server {{ server_network }} {{ vpn_subnet }}
        ifconfig-pool-persist ipp.txt
        comp-lzo