diff --git a/roles/vpn/tasks/openssl.yml b/roles/vpn/tasks/openssl.yml
index ed2b999..a1709bc 100644
--- a/roles/vpn/tasks/openssl.yml
+++ b/roles/vpn/tasks/openssl.yml
@@ -145,19 +145,14 @@
 
   - name: Revoke non-existing users
     shell: >
-      openssl ca
-      -config openssl.cnf
-      -passin pass:"{{ easyrsa_CA_password }}"
-      -revoke certs/{{ item }}.crt &&
       openssl ca -gencrl
       -config openssl.cnf
       -passin pass:"{{ easyrsa_CA_password }}"
       -revoke certs/{{ item }}.crt
-      -out crl/{{ item }}.crt &&
-      touch crl/{{ item }}_revoked
+      -out crl/{{ item }}.crt
     args:
       chdir: configs/{{ IP_subject_alt_name }}/pki/
-      creates: crl/{{ item }}_revoked
+      creates: crl/{{ item }}.crt
     environment:
       subjectAltName: "DNS:{{ item }}"
     when: item not in users