Ansible to add cert to CA and make firefox and chrome use the system CA store under linux

ffchromeCA.yaml

---
- name: certauth.yml | Make sure the folder exists (Debian, Ubuntu)
  file:
    path: /usr/local/share/ca-certificates
    state: directory

- name: certauth.yml | Download root CA
  get_url:
    url: "{{ install_ip }}/xxx.crt"
    dest: "/usr/local/share/ca-certificates/xxx.crt"
  register: result
# Note that the .crt is actually a .pem renamed

- name: certauth.yml | Update CA Trust (Debian, Ubuntu)
  shell: update-ca-certificates
  when: result | changed

- name: DPKG divert original libnssckbi.so to bak
  command: dpkg-divert --divert /usr/lib/firefox/libnssckbi.so.bak --rename /usr/lib/firefox/libnssckbi.so

- name: Create symbolic link between firefox libnssckbi.so and one from OS
  file:
    src: '/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so'
    dest: '/usr/lib/firefox/libnssckbi.so'
    state: link

- name: DPKG divert original libnssckbi.so to bak
  command: dpkg-divert --divert /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so.bak --rename /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so

- name: Create symbolic link between chrome(nss3) libnssckbi.so and one from OS
  file:
    src: '/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so'
    dest: '/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so'
    state: link

...