Release 2.26.3.

Stick to community.general 10.x.y for CI.
acme_account: check for 'externalAccountRequired' error (#919 ) (#920 )
2026-05-07 13:53:06 +00:00 · 2025-06-14 16:44:49 +02:00 · 2025-06-13 06:11:49 +02:00 · 2025-06-13 06:10:41 +02:00 · 2025-06-12 22:45:19 +02:00 · 2025-06-08 21:08:04 +02:00
153 changed files with 2659 additions and 2507 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -212,6 +212,8 @@ stages:
          targets:
            - name: macOS 15.3
              test: macos/15.3
            - name: RHEL 10.0
              test: rhel/10.0
            - name: RHEL 9.5
              test: rhel/9.5
            - name: FreeBSD 14.2
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -284,7 +284,7 @@ jobs:
          pre-test-cmd: >-
            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general
+            git clone --depth=1 --single-branch --branch stable-10 https://github.com/ansible-collections/community.general.git ../../community/general
          pull-request-change-detection: 'true'
          target: ${{ matrix.target }}
          target-python-version: ${{ matrix.python }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,36 @@ Community Crypto Release Notes
 .. contents:: Topics
 v2.26.3
 =======
 Release Summary
 ---------------
 Bugfix release.
 Bugfixes
 --------
 - acme_account - make work with CAs that do not accept any account request without External Account Binding data (https://github.com/ansible-collections/community.crypto/issues/918, https://github.com/ansible-collections/community.crypto/pull/919).
 v2.26.2
 =======
 Release Summary
 ---------------
 Maintenance release announcing removal of the Entrust content from community.crypto 3.0.0.
 Deprecated Features
 -------------------
 - The Entrust service in currently being sunsetted after the sale of Entrust's Public Certificates Business to Sectigo; see `the announcement with key dates <https://www.entrust.com/tls-certificate-information-center>`__ and `the migration brief for customers <https://www.sectigo.com/uploads/resources/EOL_Migration-Brief-End-Customer.pdf>`__ for details (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
 - ecs_certificate - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
 - ecs_domain - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
 - x509_certificate - the ``entrust`` provider will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
 - x509_certificate_pipe - the ``entrust`` provider will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
 v2.26.1
 =======
--- a/README.md
+++ b/README.md
@@ -7,9 +7,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
 # Ansible Community Crypto Collection
 [![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/crypto/)
-[![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21)
+[![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=stable-2)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21)
-[![EOL CI](https://github.com/ansible-collections/community.crypto/actions/workflows/ansible-test.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions)
+[![EOL CI](https://github.com/ansible-collections/community.crypto/actions/workflows/ansible-test.yml/badge.svg?branch=stable-2)](https://github.com/ansible-collections/community.crypto/actions)
-[![Nox CI](https://github.com/ansible-collections/community.crypto/actions/workflows/nox.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions)
+[![Nox CI](https://github.com/ansible-collections/community.crypto/actions/workflows/nox.yml/badge.svg?branch=stable-2)](https://github.com/ansible-collections/community.crypto/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.crypto)](https://codecov.io/gh/ansible-collections/community.crypto)
 [![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.crypto)](https://api.reuse.software/info/github.com/ansible-collections/community.crypto)
@@ -54,7 +54,7 @@ Browsing the [**latest** collection documentation](https://docs.ansible.com/ansi
 Browsing the [**devel** collection documentation](https://docs.ansible.com/ansible/devel/collections/community/crypto) shows docs for the _latest version released on Galaxy_.
-We also separately publish [**latest commit** collection documentation](https://ansible-collections.github.io/community.crypto/branch/main/) which shows docs for the _latest commit in the `main` branch_.
+We also separately publish [**latest commit** collection documentation](https://ansible-collections.github.io/community.crypto/branch/stable-2/) which shows docs for the _latest commit in the `stable-2` branch_.
 If you use the Ansible package and do not update collections independently, use **latest**. If you install or update this collection directly from Galaxy, use **devel**. If you are looking to contribute, use **latest commit**.
@@ -109,7 +109,7 @@ If you use the Ansible package and do not update collections independently, use
  - luks_device module
  - parse_serial and to_serial filters
-You can also find a list of all modules and plugins with documentation on the [Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/crypto/), or the [latest commit collection documentation](https://ansible-collections.github.io/community.crypto/branch/main/).
+You can also find a list of all modules and plugins with documentation on the [Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/crypto/), or the [latest commit collection documentation](https://ansible-collections.github.io/community.crypto/branch/stable-2/).
 ## Using this collection
@@ -141,19 +141,15 @@ See [Ansible's dev guide](https://docs.ansible.com/ansible/devel/dev_guide/devel
 ## Release notes
-See the [changelog](https://github.com/ansible-collections/community.crypto/blob/main/CHANGELOG.md).
+See the [changelog](https://github.com/ansible-collections/community.crypto/blob/stable-2/CHANGELOG.md).
 ## Roadmap
 We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows [semantic versioning](https://semver.org/), so breaking changes will only happen in major releases.
-Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of ``cryptography``.
+In 2.0.0, the following notable features have been removed:
-
+* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which did now have a ``cryptography`` backend for a long time due to lack of support of PKCS#12 functionality in ``cryptography``. (This changed.)
-Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.
+* The ``assertonly`` provider of ``x509_certificate`` has been removed.
 In 2.0.0, the following notable features will be removed:
 * PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which does not have a ``cryptography`` backend due to lack of support of PKCS#12 functionality in ``cryptography``.
 * The ``assertonly`` provider of ``x509_certificate`` will be removed.
 ## More information
@@ -166,8 +162,8 @@ In 2.0.0, the following notable features will be removed:
 This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.
-See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.crypto/blob/main/COPYING) for the full text.
+See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.crypto/blob/stable-2/COPYING) for the full text.
-Parts of the collection are licensed under the [Apache 2.0 license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/Apache-2.0.txt) (`plugins/module_utils/crypto/_obj2txt.py` and `plugins/module_utils/crypto/_objects_data.py`), the [BSD 2-Clause license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/BSD-2-Clause.txt) (`plugins/module_utils/ecs/api.py`), the [BSD 3-Clause license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/BSD-3-Clause.txt) (`plugins/module_utils/crypto/_obj2txt.py`, `tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py`), and the [PSF 2.0 license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/PSF-2.0.txt) (`plugins/module_utils/_version.py`). This only applies to vendored files in ``plugins/module_utils/`` and to the ECS module utils.
+Parts of the collection are licensed under the [Apache 2.0 license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/Apache-2.0.txt) (`plugins/module_utils/crypto/_obj2txt.py` and `plugins/module_utils/crypto/_objects_data.py`), the [BSD 2-Clause license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/BSD-2-Clause.txt) (`plugins/module_utils/ecs/api.py`), the [BSD 3-Clause license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/BSD-3-Clause.txt) (`plugins/module_utils/crypto/_obj2txt.py`, `tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py`), and the [PSF 2.0 license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/PSF-2.0.txt) (`plugins/module_utils/_version.py`). This only applies to vendored files in ``plugins/module_utils/`` and to the ECS module utils.
 All files have a machine readable `SDPX-License-Identifier:` comment denoting its respective license(s) or an equivalent entry in an accompanying `.license` file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in `REUSE.toml`. This conforms to the [REUSE specification](https://reuse.software/spec/).
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -1643,3 +1643,39 @@ releases:
      - 867-passphrase-encoding-nolog.yml
      - 868-luks-remove-keyslot.yml
    release_date: '2025-04-28'
  2.26.2:
    changes:
      deprecated_features:
        - The Entrust service in currently being sunsetted after the sale of Entrust's
          Public Certificates Business to Sectigo; see `the announcement with key
          dates <https://www.entrust.com/tls-certificate-information-center>`__ and
          `the migration brief for customers <https://www.sectigo.com/uploads/resources/EOL_Migration-Brief-End-Customer.pdf>`__
          for details (https://github.com/ansible-collections/community.crypto/issues/895,
          https://github.com/ansible-collections/community.crypto/pull/901).
        - ecs_certificate - the module will be removed from community.crypto 3.0.0
          (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
        - ecs_domain - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
          https://github.com/ansible-collections/community.crypto/pull/901).
        - x509_certificate - the ``entrust`` provider will be removed from community.crypto
          3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
          https://github.com/ansible-collections/community.crypto/pull/901).
        - x509_certificate_pipe - the ``entrust`` provider will be removed from community.crypto
          3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
          https://github.com/ansible-collections/community.crypto/pull/901).
      release_summary: Maintenance release announcing removal of the Entrust content
        from community.crypto 3.0.0.
    fragments:
      - 2.26.2.yml
      - 901-remove-entrust.yml
    release_date: '2025-05-22'
  2.26.3:
    changes:
      bugfixes:
        - acme_account - make work with CAs that do not accept any account request
          without External Account Binding data (https://github.com/ansible-collections/community.crypto/issues/918,
          https://github.com/ansible-collections/community.crypto/pull/919).
      release_summary: Bugfix release.
    fragments:
      - 2.26.3.yml
      - 919-acme_account-ear.yml
    release_date: '2025-06-14'
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@
 namespace: community
 name: crypto
-version: 2.26.1
+version: 2.26.3
 readme: README.md
 authors:
  - Ansible (github.com/ansible)
--- a/plugins/doc_fragments/acme.py
+++ b/plugins/doc_fragments/acme.py
@@ -120,7 +120,7 @@ notes:
    the module can in principle be used with any CA providing an ACME endpoint, such as L(Buypass Go SSL,https://www.buypass.com/ssl/products/acme).
  - So far, the ACME modules have only been tested by the developers against Let's Encrypt (staging and production), Buypass
    (staging and production), ZeroSSL (production), and L(Pebble testing server,https://github.com/letsencrypt/Pebble). We
-    have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with
+    have got community feedback that they also work with Sectigo ACME Service for InCommon and with HARICA. If you experience problems with
    another ACME server, please L(create an issue,https://github.com/ansible-collections/community.crypto/issues/new/choose)
    to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.
 requirements:
@@ -146,6 +146,7 @@ options:
      - For B(Buypass), the production directory URL for ACME v2 and v1 is U(https://api.buypass.com/acme/directory).
      - For B(ZeroSSL), the production directory URL for ACME v2 is U(https://acme.zerossl.com/v2/DV90).
      - For B(Sectigo), the production directory URL for ACME v2 is U(https://acme-qa.secure.trust-provider.com/v2/DV).
      - For B(HARICA), the production directory URL for ACME v2 is U(https://acme.harica.gr/XXX/directory) with XXX being specific to your account.
      - The notes for this module contain a list of ACME services this module has been tested against.
    required: true
    type: str
@@ -185,6 +186,7 @@ options:
  account_key_src:
    description:
      - Path to a file containing the ACME account RSA or Elliptic Curve key.
      - "For Elliptic Curve keys only the following curves are supported: V(secp256r1), V(secp384r1), and V(secp521r1)."
      - 'Private keys can be created with the M(community.crypto.openssl_privatekey) or M(community.crypto.openssl_privatekey_pipe)
        modules. If the requisite (cryptography) is not available, keys can also be created directly with the C(openssl) command
        line tool: RSA keys can be created with C(openssl genrsa ...). Elliptic curve keys can be created with C(openssl ecparam
@@ -192,10 +194,12 @@ options:
      - Mutually exclusive with O(account_key_content).
      - Required if O(account_key_content) is not used.
    type: path
-    aliases: [account_key]
+    aliases:
      - account_key
  account_key_content:
    description:
      - Content of the ACME account RSA or Elliptic Curve key.
      - "For Elliptic Curve keys only the following curves are supported: V(secp256r1), V(secp384r1), and V(secp521r1)."
      - Mutually exclusive with O(account_key_src).
      - Required if O(account_key_src) is not used.
      - B(Warning:) the content will be written into a temporary file, which will be deleted by Ansible when the module completes.
--- a/plugins/doc_fragments/module_certificate.py
+++ b/plugins/doc_fragments/module_certificate.py
@@ -377,7 +377,8 @@ options:
      - This is only used by the V(selfsigned) provider.
    type: str
    default: +0s
-    aliases: [ selfsigned_notBefore ]
+    aliases:
      - selfsigned_notBefore
  selfsigned_not_after:
    description:
@@ -395,7 +396,8 @@ options:
        Please see U(https://support.apple.com/en-us/HT210176) for more details.
    type: str
    default: +3650d
-    aliases: [ selfsigned_notAfter ]
+    aliases:
      - selfsigned_notAfter
  selfsigned_create_subject_key_identifier:
    description:
--- a/plugins/doc_fragments/module_csr.py
+++ b/plugins/doc_fragments/module_csr.py
@@ -75,37 +75,51 @@ options:
    description:
      - The countryName field of the certificate signing request subject.
    type: str
-    aliases: [C, countryName]
+    aliases:
      - C
      - countryName
  state_or_province_name:
    description:
      - The stateOrProvinceName field of the certificate signing request subject.
    type: str
-    aliases: [ST, stateOrProvinceName]
+    aliases:
      - ST
      - stateOrProvinceName
  locality_name:
    description:
      - The localityName field of the certificate signing request subject.
    type: str
-    aliases: [L, localityName]
+    aliases:
      - L
      - localityName
  organization_name:
    description:
      - The organizationName field of the certificate signing request subject.
    type: str
-    aliases: [O, organizationName]
+    aliases:
      - O
      - organizationName
  organizational_unit_name:
    description:
      - The organizationalUnitName field of the certificate signing request subject.
    type: str
-    aliases: [OU, organizationalUnitName]
+    aliases:
      - OU
      - organizationalUnitName
  common_name:
    description:
      - The commonName field of the certificate signing request subject.
    type: str
-    aliases: [CN, commonName]
+    aliases:
      - CN
      - commonName
  email_address:
    description:
      - The emailAddress field of the certificate signing request subject.
    type: str
-    aliases: [E, emailAddress]
+    aliases:
      - E
      - emailAddress
  subject_alt_name:
    description:
      - Subject Alternative Name (SAN) extension to attach to the certificate signing request.
@@ -116,63 +130,75 @@ options:
      - More at U(https://tools.ietf.org/html/rfc5280#section-4.2.1.6).
    type: list
    elements: str
-    aliases: [subjectAltName]
+    aliases:
      - subjectAltName
  subject_alt_name_critical:
    description:
      - Should the subjectAltName extension be considered as critical.
    type: bool
    default: false
-    aliases: [subjectAltName_critical]
+    aliases:
      - subjectAltName_critical
  use_common_name_for_san:
    description:
      - If set to V(true), the module will fill the common name in for O(subject_alt_name) with C(DNS:) prefix if no SAN is
        specified.
    type: bool
    default: true
-    aliases: [useCommonNameForSAN]
+    aliases:
      - useCommonNameForSAN
  key_usage:
    description:
      - This defines the purpose (for example encipherment, signature, certificate signing) of the key contained in the certificate.
    type: list
    elements: str
-    aliases: [keyUsage]
+    aliases:
      - keyUsage
  key_usage_critical:
    description:
      - Should the keyUsage extension be considered as critical.
    type: bool
    default: false
-    aliases: [keyUsage_critical]
+    aliases:
      - keyUsage_critical
  extended_key_usage:
    description:
      - Additional restrictions (for example client authentication, server authentication) on the allowed purposes for which
        the public key may be used.
    type: list
    elements: str
-    aliases: [extKeyUsage, extendedKeyUsage]
+    aliases:
      - extKeyUsage
      - extendedKeyUsage
  extended_key_usage_critical:
    description:
      - Should the extkeyUsage extension be considered as critical.
    type: bool
    default: false
-    aliases: [extKeyUsage_critical, extendedKeyUsage_critical]
+    aliases:
      - extKeyUsage_critical
      - extendedKeyUsage_critical
  basic_constraints:
    description:
      - Indicates basic constraints, such as if the certificate is a CA.
    type: list
    elements: str
-    aliases: [basicConstraints]
+    aliases:
      - basicConstraints
  basic_constraints_critical:
    description:
      - Should the basicConstraints extension be considered as critical.
    type: bool
    default: false
-    aliases: [basicConstraints_critical]
+    aliases:
      - basicConstraints_critical
  ocsp_must_staple:
    description:
      - Indicates that the certificate should contain the OCSP Must Staple extension (U(https://tools.ietf.org/html/rfc7633)).
    type: bool
    default: false
-    aliases: [ocspMustStaple]
+    aliases:
      - ocspMustStaple
  ocsp_must_staple_critical:
    description:
      - Should the OCSP Must Staple extension be considered as critical.
@@ -180,7 +206,8 @@ options:
        OCSP Must Staple are required to reject such certificates (see U(https://tools.ietf.org/html/rfc7633#section-4)).
    type: bool
    default: false
-    aliases: [ocspMustStaple_critical]
+    aliases:
      - ocspMustStaple_critical
  name_constraints_permitted:
    description:
      - For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is allowed
--- a/plugins/module_utils/acme/account.py
+++ b/plugins/module_utils/acme/account.py
@@ -73,13 +73,28 @@ class ACMEAccount(object):
                # and provide external_account_binding credentials. Thus we first send a request with allow_creation=False
                # to see whether the account already exists.
-                # Note that we pass contact here: ZeroSSL does not accept registration calls without contacts, even
+                # Unfortunately, for other ACME servers it's the other way around: (at least some) HARICA endpoints
-                # if onlyReturnExisting is set to true.
+                # do not allow *any* access without external account data. That's why we catch errors and check
-                created, data = self._new_reg(contact=contact, allow_creation=False)
+                # for 'externalAccountRequired'.
-                if data:
+                try:
-                    # An account already exists! Return data
+                    # Note that we pass contact here: ZeroSSL does not accept registration calls without contacts, even
-                    return created, data
+                    # if onlyReturnExisting is set to true.
-                # An account does not yet exist. Try to create one next.
+                    created, data = self._new_reg(contact=contact, allow_creation=False)
                    if data:
                        # An account already exists! Return data
                        return created, data
                    # An account does not yet exist. Try to create one next.
                except ACMEProtocolException as exc:
                    if (
                        exc.error_type
                        != "urn:ietf:params:acme:error:externalAccountRequired"
                        or external_account_binding is None
                    ):
                        # Either another error happened, or we got 'externalAccountRequired' and external account data was not supplied
                        # => re-raise exception!
                        raise
                    # In this case, the server really wants external account data.
                    # The below code tries to create the account with external account data present.
            new_reg = {"contact": contact}
            if not allow_creation:
--- a/plugins/modules/acme_account.py
+++ b/plugins/modules/acme_account.py
@@ -105,8 +105,8 @@ options:
  external_account_binding:
    description:
      - Allows to provide external account binding data during account creation.
-      - This is used by CAs like Sectigo to bind a new ACME account to an existing CA-specific account, to be able to properly
+      - This is used by CAs like Sectigo, HARICA, or ZeroSSL to bind a new ACME account to an existing CA-specific account,
-        identify a customer.
+        to be able to properly identify a customer.
      - Only used when creating a new account. Can not be specified for ACME v1.
    type: dict
    suboptions:
--- a/tests/ee/all.yml
+++ b/tests/ee/all.yml
@@ -6,11 +6,11 @@
 - hosts: localhost
  tasks:
    - name: Show Python info
-      debug:
+      ansible.builtin.debug:
        var: ansible_python
    - name: Register cryptography version
-      command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
+      ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
      register: cryptography_version
    - name: Register pyOpenSSL version
@@ -19,7 +19,7 @@
      register: pyopenssl_version
    - name: Determine output directory
-      set_fact:
+      ansible.builtin.set_fact:
        output_path: "{{ 'output-%0x' % ((2**32) | random) }}"
    - name: Find all roles
--- a/tests/ee/roles/crypto_info/tasks/main.yml
+++ b/tests/ee/roles/crypto_info/tasks/main.yml
@@ -8,11 +8,11 @@
  register: result
 - name: Dump result
-  debug:
+  ansible.builtin.debug:
    var: result
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
    that:
      - result.openssl_present
      - result.python_cryptography_installed
--- a/tests/ee/roles/luks_device/tasks/main.yml
+++ b/tests/ee/roles/luks_device/tasks/main.yml
@@ -24,13 +24,13 @@
  when: false
  block:
    - name: Create lookback device
-      command: losetup -f {{ cryptfile_path }}
+      ansible.builtin.command: losetup -f {{ cryptfile_path }}
    - name: Determine loop device name
-      command: losetup -j {{ cryptfile_path }} --output name
+      ansible.builtin.command: losetup -j {{ cryptfile_path }} --output name
      register: cryptfile_device_output
-    - set_fact:
+    - ansible.builtin.set_fact:
        cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
    - name: Create LUKS container
--- a/tests/ee/roles/smoke/tasks/main.yml
+++ b/tests/ee/roles/smoke/tasks/main.yml
@@ -8,7 +8,7 @@
  register: result
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
    that:
      - result.msg == 'Everything is ok'
@@ -17,6 +17,6 @@
  register: result
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
    that:
      - result.msg == 'Everything is ok'
--- a/tests/integration/targets/acme_account/tasks/impl.yml
+++ b/tests/integration/targets/acme_account/tasks/impl.yml
@@ -5,7 +5,7 @@
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
        type: ECC
@@ -14,7 +14,7 @@
      loop: "{{ account_keys }}"
    - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
        return_private_key_data: true
@@ -30,7 +30,7 @@
      - name: accountkey5
 - name: Do not try to create account
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -42,7 +42,7 @@
  register: account_not_created
 - name: Create it now (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -58,7 +58,7 @@
  register: account_created_check
 - name: Create it now
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -72,7 +72,7 @@
  register: account_created
 - name: Create it now (idempotent)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -86,12 +86,12 @@
  register: account_created_idempotent
 - name: Read account key
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/accountkey.pem'
  register: slurp
 - name: Change email address (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ slurp.content | b64decode }}"
    acme_version: 2
@@ -106,7 +106,7 @@
  register: account_modified_check
 - name: Change email address
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ slurp.content | b64decode }}"
    acme_version: 2
@@ -119,7 +119,7 @@
  register: account_modified
 - name: Change email address (idempotent)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    account_uri: "{{ account_created.account_uri }}"
@@ -133,7 +133,7 @@
  register: account_modified_idempotent
 - name: Cannot access account with wrong URI
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
@@ -146,7 +146,7 @@
  register: account_modified_wrong_uri
 - name: Clear contact email addresses (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -160,7 +160,7 @@
  register: account_modified_2_check
 - name: Clear contact email addresses
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -172,7 +172,7 @@
  register: account_modified_2
 - name: Clear contact email addresses (idempotent)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -184,7 +184,7 @@
  register: account_modified_2_idempotent
 - name: Change account key (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -200,7 +200,7 @@
  register: account_change_key_check
 - name: Change account key
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -214,7 +214,7 @@
  register: account_change_key
 - name: Deactivate account (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -227,7 +227,7 @@
  register: account_deactivate_check
 - name: Deactivate account
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -238,7 +238,7 @@
  register: account_deactivate
 - name: Deactivate account (idempotent)
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -249,7 +249,7 @@
  register: account_deactivate_idempotent
 - name: Do not try to create account II
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -262,7 +262,7 @@
  register: account_not_created_2
 - name: Do not try to create account III
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -274,7 +274,7 @@
  register: account_not_created_3
 - name: Create account with External Account Binding
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
    acme_version: 2
@@ -304,4 +304,4 @@
      kid: kid-3
      alg: HS512
      key: zWNDZM6eQGHWpSRTPal5eIUYFTu7EajVIoguysqZ9wG44nMEtx3MUAsUDkMTQ12W
- debug: var=account_created_eab
+- ansible.builtin.debug: var=account_created_eab
--- a/tests/integration/targets/acme_account/tasks/main.yml
+++ b/tests/integration/targets/acme_account/tasks/main.yml
@@ -10,31 +10,31 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_account/tests/validate.yml
+++ b/tests/integration/targets/acme_account/tests/validate.yml
@@ -4,13 +4,13 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Validate that account wasn't created in the first step
-  assert:
+  ansible.builtin.assert:
    that:
      - account_not_created is failed
      - account_not_created.msg == 'Account does not exist or is deactivated.'
 - name: Validate that account was created in the second step (check mode)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_created_check is changed
      - account_created_check.account_uri is none
@@ -21,19 +21,19 @@
      - account_created_check.diff.after.contact[0] in ['mailto:example@example.org', 'mailto:********@********.org']
 - name: Validate that account was created in the second step
-  assert:
+  ansible.builtin.assert:
    that:
      - account_created is changed
      - account_created.account_uri is not none
 - name: Validate that account was created in the second step (idempotency)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_created_idempotent is not changed
      - account_created_idempotent.account_uri is not none
 - name: Validate that email address was changed (check mode)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_check is changed
      - account_modified_check.account_uri is not none
@@ -44,24 +44,24 @@
      - account_modified_check.diff.after.contact[0] in ['mailto:example@example.com', 'mailto:********@********.com']
 - name: Validate that email address was changed
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified is changed
      - account_modified.account_uri is not none
 - name: Validate that email address was not changed a second time (idempotency)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_idempotent is not changed
      - account_modified_idempotent.account_uri is not none
 - name: Make sure that with the wrong account URI, the account cannot be changed
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_wrong_uri is failed
 - name: Validate that email address was cleared (check mode)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_2_check is changed
      - account_modified_2_check.account_uri is not none
@@ -71,19 +71,19 @@
      - account_modified_2_check.diff.after.contact | length == 0
 - name: Validate that email address was cleared
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_2 is changed
      - account_modified_2.account_uri is not none
 - name: Validate that email address was not cleared a second time (idempotency)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified_2_idempotent is not changed
      - account_modified_2_idempotent.account_uri is not none
 - name: Validate that the account key was changed (check mode)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_change_key_check is changed
      - account_change_key_check.account_uri is not none
@@ -91,13 +91,13 @@
      - account_change_key_check.diff.before.public_account_key != account_change_key_check.diff.after.public_account_key
 - name: Validate that the account key was changed
-  assert:
+  ansible.builtin.assert:
    that:
      - account_change_key is changed
      - account_change_key.account_uri is not none
 - name: Validate that the account was deactivated (check mode)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_deactivate_check is changed
      - account_deactivate_check.account_uri is not none
@@ -106,13 +106,13 @@
      - "account_deactivate_check.diff.after == {}"
 - name: Validate that the account was deactivated
-  assert:
+  ansible.builtin.assert:
    that:
      - account_deactivate is changed
      - account_deactivate.account_uri is not none
 - name: Validate that the account was really deactivated (idempotency)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_deactivate_idempotent is not changed
      # The next condition should be true for all conforming ACME servers.
@@ -121,19 +121,19 @@
      - account_deactivate_idempotent.account_uri is none
 - name: Validate that the account is gone (new account key)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_not_created_2 is failed
      - account_not_created_2.msg == 'Account does not exist or is deactivated.'
 - name: Validate that the account is gone (old account key)
-  assert:
+  ansible.builtin.assert:
    that:
      - account_not_created_3 is failed
      - account_not_created_3.msg == 'Account does not exist or is deactivated.'
 - name: Validate that the account with External Account Binding has been created
-  assert:
+  ansible.builtin.assert:
    that:
      - account_created_eab.results[0] is changed
      - account_created_eab.results[1] is changed
--- a/tests/integration/targets/acme_account_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_account_info/tasks/impl.yml
@@ -5,7 +5,7 @@
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
        type: ECC
        curve: secp256r1
@@ -13,7 +13,7 @@
      loop: "{{ account_keys }}"
    - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
        return_private_key_data: true
      loop: "{{ account_keys }}"
@@ -24,7 +24,7 @@
      - accountkey2
 - name: Check that account does not exist
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -33,7 +33,7 @@
  register: account_not_created
 - name: Create it now
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -46,7 +46,7 @@
      - mailto:example@example.org
 - name: Check that account exists
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -55,12 +55,12 @@
  register: account_created
 - name: Read account key
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/accountkey.pem'
  register: slurp
 - name: Clear email address
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ slurp.content | b64decode }}"
    acme_version: 2
@@ -71,7 +71,7 @@
    contact: []
 - name: Check that account was modified
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -81,7 +81,7 @@
  register: account_modified
 - name: Check with wrong account URI
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    acme_version: 2
@@ -91,7 +91,7 @@
  register: account_not_exist
 - name: Check with wrong account key
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
    acme_version: 2
--- a/tests/integration/targets/acme_account_info/tasks/main.yml
+++ b/tests/integration/targets/acme_account_info/tasks/main.yml
@@ -10,31 +10,31 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_account_info/tests/validate.yml
+++ b/tests/integration/targets/acme_account_info/tests/validate.yml
@@ -4,14 +4,14 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Validate that account wasn't there
-  assert:
+  ansible.builtin.assert:
    that:
      - not account_not_created.exists
      - account_not_created.account_uri is none
      - "'account' not in account_not_created"
 - name: Validate that account was created
-  assert:
+  ansible.builtin.assert:
    that:
      - account_created.exists
      - account_created.account_uri is not none
@@ -22,7 +22,7 @@
      - "account_created.account.contact[0] == 'mailto:example@example.org'"
 - name: Validate that account email was removed
-  assert:
+  ansible.builtin.assert:
    that:
      - account_modified.exists
      - account_modified.account_uri is not none
@@ -32,13 +32,13 @@
      - account_modified.account.contact | length == 0
 - name: Validate that account does not exist with wrong account URI
-  assert:
+  ansible.builtin.assert:
    that:
      - not account_not_exist.exists
      - account_not_exist.account_uri is none
      - "'account' not in account_not_exist"
 - name: Validate that account cannot be accessed with wrong key
-  assert:
+  ansible.builtin.assert:
    that:
      - account_wrong_key is failed
--- a/tests/integration/targets/acme_ari_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/impl.yml
@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        type: "{{ item.type }}"
        size: "{{ item.size | default(omit) }}"
@@ -21,7 +21,7 @@
        curve: secp256r1
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 1 for renewal check
    certificate_name: cert-1
@@ -39,18 +39,18 @@
    account_email: "example@example.org"
 ## OBTAIN CERTIFICATE INFOS ###################################################################
 - name: Dump OpenSSL x509 info
-  command:
+  ansible.builtin.command:
    cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
 - name: Obtain certificate information
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-1.pem"
  register: cert_1_info
 - name: Read certificate
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/cert-1.pem'
  register: slurp_cert_1
 - name: Obtain certificate information
-  acme_ari_info:
+  community.crypto.acme_ari_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
--- a/tests/integration/targets/acme_ari_info/tasks/main.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/main.yml
@@ -14,31 +14,31 @@
  block:
    - block:
        - name: Running tests with OpenSSL backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
          vars:
            select_crypto_backend: openssl
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
      # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
      when: openssl_version.stdout is version('1.0.0', '>=')
    - name: Remove output directory
-      file:
+      ansible.builtin.file:
        path: "{{ remote_tmp_dir }}"
        state: absent
    - name: Re-create output directory
-      file:
+      ansible.builtin.file:
        path: "{{ remote_tmp_dir }}"
        state: directory
    - block:
        - name: Running tests with cryptography backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
          vars:
            select_crypto_backend: cryptography
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
      when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_ari_info/tests/validate.yml
+++ b/tests/integration/targets/acme_ari_info/tests/validate.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Validate results
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_1 is not changed
      - cert_1.renewal_info.explanationURL is not defined or cert_1.renewal_info.explanationURL is string
--- a/tests/integration/targets/acme_certificate/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate/tasks/impl.yml
@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        type: "{{ item.type }}"
        size: "{{ item.size | default(omit) }}"
@@ -28,7 +28,7 @@
 ## SET UP ACCOUNTS ############################################################################
 - name: Make sure ECC256 account hasn't been created yet
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
@@ -36,11 +36,11 @@
    account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
    state: absent
 - name: Read account key (EC384)
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/account-ec384.pem'
  register: slurp
 - name: Create ECC384 account
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
@@ -53,7 +53,7 @@
      - mailto:example@example.org
      - mailto:example@example.com
 - name: Create RSA account
-  acme_account:
+  community.crypto.acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
@@ -66,7 +66,7 @@
 ## OBTAIN CERTIFICATES ########################################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 1
    certificate_name: cert-1
@@ -89,11 +89,11 @@
        issuer: "{{ acme_roots[1].subject }}"
    use_csr_content: true
 - name: Store obtain results for cert 1
-  set_fact:
+  ansible.builtin.set_fact:
    cert_1_obtain_results: "{{ certificate_obtain_result }}"
    cert_1_alternate: "{{ 1 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 2
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 2
    certificate_name: cert-2
@@ -122,15 +122,15 @@
        issuer: "{{ acme_roots[2].subject }}"
    use_csr_content: false
 - name: Store obtain results for cert 2
-  set_fact:
+  ansible.builtin.set_fact:
    cert_2_obtain_results: "{{ certificate_obtain_result }}"
    cert_2_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Read account key (RSA)
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/account-rsa.pem'
  register: slurp_account_key
 - name: Obtain cert 3
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 3
    certificate_name: cert-3
@@ -152,11 +152,11 @@
        subject: "{{ acme_roots[1].subject }}"
    use_csr_content: true
 - name: Store obtain results for cert 3
-  set_fact:
+  ansible.builtin.set_fact:
    cert_3_obtain_results: "{{ certificate_obtain_result }}"
    cert_3_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 4
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 4
    certificate_name: cert-4
@@ -181,11 +181,11 @@
        issuer: "{{ acme_roots[1].subject }}"
    use_csr_content: false
 - name: Store obtain results for cert 4
-  set_fact:
+  ansible.builtin.set_fact:
    cert_4_obtain_results: "{{ certificate_obtain_result }}"
    cert_4_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 5
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 1/4
    certificate_name: cert-5
@@ -202,11 +202,11 @@
    account_email: ""
    use_csr_content: true
 - name: Store obtain results for cert 5a
-  set_fact:
+  ansible.builtin.set_fact:
    cert_5a_obtain_results: "{{ certificate_obtain_result }}"
    cert_5_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 5 (should not, since already there and valid for more than 1 days)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 2/4
    certificate_name: cert-5
@@ -223,10 +223,10 @@
    account_email: ""
    use_csr_content: false
 - name: Store obtain results for cert 5b
-  set_fact:
+  ansible.builtin.set_fact:
    cert_5_recreate_1: "{{ challenge_data is changed }}"
 - name: Obtain cert 5 (should again by less days)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 3/4
    certificate_name: cert-5
@@ -245,15 +245,15 @@
    acme_certificate_profile: "{{ '6days' if acme_supports_profiles else omit }}"
    acme_certificate_include_renewal_cert_id: when_ari_supported
 - name: Store obtain results for cert 5c
-  set_fact:
+  ansible.builtin.set_fact:
    cert_5_recreate_2: "{{ challenge_data is changed }}"
    cert_5c_obtain_results: "{{ certificate_obtain_result }}"
 - name: Read account key (EC384)
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/account-ec384.pem'
  register: slurp_account_key
 - name: Obtain cert 5 (should again by force)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 4/4
    certificate_name: cert-5
@@ -270,12 +270,12 @@
    account_email: ""
    use_csr_content: false
 - name: Store obtain results for cert 5d
-  set_fact:
+  ansible.builtin.set_fact:
    cert_5_recreate_3: "{{ challenge_data is changed }}"
    cert_5d_obtain_results: "{{ certificate_obtain_result }}"
 - block:
    - name: Obtain cert 6
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
      vars:
        certgen_title: Certificate 6
        certificate_name: cert-6
@@ -303,13 +303,13 @@
            issuer: "{{ acme_roots[1].subject }}"
        use_csr_content: true
    - name: Store obtain results for cert 6
-      set_fact:
+      ansible.builtin.set_fact:
        cert_6_obtain_results: "{{ certificate_obtain_result }}"
        cert_6_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
  when: acme_intermediates[0].subject_key_identifier is defined
 - block:
    - name: Obtain cert 7
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
      vars:
        certgen_title: Certificate 7
        certificate_name: cert-7
@@ -333,13 +333,13 @@
            authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}"
        use_csr_content: false
    - name: Store obtain results for cert 7
-      set_fact:
+      ansible.builtin.set_fact:
        cert_7_obtain_results: "{{ certificate_obtain_result }}"
        cert_7_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
  when: acme_roots[2].subject_key_identifier is defined
 - block:
    - name: Obtain cert 8
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
      vars:
        certgen_title: Certificate 8
        certificate_name: cert-8
@@ -361,7 +361,7 @@
        account_email: "example@example.org"
        use_csr_content: true
    - name: Store obtain results for cert 8
-      set_fact:
+      ansible.builtin.set_fact:
        cert_8_obtain_results: "{{ certificate_obtain_result }}"
        cert_8_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
  when: cryptography_version.stdout is version('1.3', '>=')
@@ -369,110 +369,110 @@
 ## DISSECT CERTIFICATES #######################################################################
 # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
 - name: Verifying cert 1
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
  ignore_errors: true
  register: cert_1_valid
 - name: Verifying cert 2
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
  ignore_errors: true
  register: cert_2_valid
 - name: Verifying cert 3
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
  ignore_errors: true
  register: cert_3_valid
 - name: Verifying cert 4
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
  ignore_errors: true
  register: cert_4_valid
 - name: Verifying cert 5
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
  ignore_errors: true
  register: cert_5_valid
 - name: Verifying cert 6
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
  ignore_errors: true
  register: cert_6_valid
  when: acme_intermediates[0].subject_key_identifier is defined
 - name: Verifying cert 7
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
  ignore_errors: true
  register: cert_7_valid
  when: acme_roots[2].subject_key_identifier is defined
 - name: Verifying cert 8
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
  ignore_errors: true
  register: cert_8_valid
  when: cryptography_version.stdout is version('1.3', '>=')
 # Dump certificate info
 - name: Dumping cert 1
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text'
  register: cert_1_text
 - name: Dumping cert 2
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text'
  register: cert_2_text
 - name: Dumping cert 3
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text'
  register: cert_3_text
 - name: Dumping cert 4
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text'
  register: cert_4_text
 - name: Dumping cert 5
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text'
  register: cert_5_text
 - name: Dumping cert 6
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text'
  register: cert_6_text
  when: acme_intermediates[0].subject_key_identifier is defined
 - name: Dumping cert 7
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text'
  register: cert_7_text
  when: acme_roots[2].subject_key_identifier is defined
 - name: Dumping cert 8
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text'
  register: cert_8_text
  when: cryptography_version.stdout is version('1.3', '>=')
 # Dump certificate info
 - name: Dumping cert 1
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-1.pem"
  register: cert_1_info
 - name: Dumping cert 2
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-2.pem"
  register: cert_2_info
 - name: Dumping cert 3
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-3.pem"
  register: cert_3_info
 - name: Dumping cert 4
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-4.pem"
  register: cert_4_info
 - name: Dumping cert 5
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-5.pem"
  register: cert_5_info
 - name: Dumping cert 6
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-6.pem"
  register: cert_6_info
  when: acme_intermediates[0].subject_key_identifier is defined
 - name: Dumping cert 7
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-7.pem"
  register: cert_7_info
  when: acme_roots[2].subject_key_identifier is defined
 - name: Dumping cert 8
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-8.pem"
  register: cert_8_info
  when: cryptography_version.stdout is version('1.3', '>=')
 ## GET ACCOUNT ORDERS #########################################################################
 - name: Don't retrieve orders
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
    acme_version: 2
@@ -481,7 +481,7 @@
    retrieve_orders: ignore
  register: account_orders_not
 - name: Retrieve orders as URL list (1/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
    acme_version: 2
@@ -490,7 +490,7 @@
    retrieve_orders: url_list
  register: account_orders_urls
 - name: Retrieve orders as URL list (2/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
    acme_version: 2
@@ -499,7 +499,7 @@
    retrieve_orders: url_list
  register: account_orders_urls2
 - name: Retrieve orders as object list (1/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
    acme_version: 2
@@ -508,7 +508,7 @@
    retrieve_orders: object_list
  register: account_orders_full
 - name: Retrieve orders as object list (2/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
    acme_version: 2
--- a/tests/integration/targets/acme_certificate/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate/tasks/main.yml
@@ -10,46 +10,46 @@
 - block:
    - name: Obtain root and intermediate certificates
-      get_url:
+      ansible.builtin.get_url:
        url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}"
        dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
      loop: "{{ query('nested', types, root_numbers) }}"
    - name: Analyze root certificates
-      x509_certificate_info:
+      community.crypto.x509_certificate_info:
        path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"
      loop: "{{ root_numbers }}"
      register: acme_roots
    - name: Analyze intermediate certificates
-      x509_certificate_info:
+      community.crypto.x509_certificate_info:
        path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem"
      loop: "{{ root_numbers }}"
      register: acme_intermediates
    - name: Read root certificates
-      slurp:
+      ansible.builtin.slurp:
        src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}"
      loop: "{{ root_numbers }}"
      register: slurp_roots
-    - set_fact:
+    - ansible.builtin.set_fact:
        x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
      loop: "{{ acme_roots.results }}"
      register: acme_roots_tmp
    - name: Read intermediate certificates
-      slurp:
+      ansible.builtin.slurp:
        src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}"
      loop: "{{ root_numbers }}"
      register: slurp_intermediates
-    - set_fact:
+    - ansible.builtin.set_fact:
        x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
      loop: "{{ acme_intermediates.results }}"
      register: acme_intermediates_tmp
-    - set_fact:
+    - ansible.builtin.set_fact:
        acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}"
        acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}"
        acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}"
@@ -74,48 +74,48 @@
      # - public_key_fingerprints
 - name: ACME root certificate info
-  debug:
+  ansible.builtin.debug:
    var: acme_roots
 # - name: ACME root certificates as PEM
-#   debug:
+#   ansible.builtin.debug:
 #     var: acme_root_certs
 - name: ACME intermediate certificate info
-  debug:
+  ansible.builtin.debug:
    var: acme_intermediates
 # - name: ACME intermediate certificates as PEM
-#   debug:
+#   ansible.builtin.debug:
 #     var: acme_intermediate_certs
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate/tests/validate.yml
@@ -4,15 +4,15 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Check that certificate 1 is valid
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_1_valid is not failed
 - name: Check that certificate 1 contains correct SANs
-  assert:
+  ansible.builtin.assert:
    that:
      - "'DNS:example.com' in cert_1_text.stdout"
 - name: Read certificate 1 files
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
    - cert-1.pem
@@ -20,7 +20,7 @@
    - cert-1-fullchain.pem
  register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
    that:
      - "'all_chains' in cert_1_obtain_results"
      - "cert_1_obtain_results.all_chains | length > 1"
@@ -32,16 +32,16 @@
      - "(slurp.results[2].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].full_chain"
 - name: Check that certificate 2 is valid
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_2_valid is not failed
 - name: Check that certificate 2 contains correct SANs
-  assert:
+  ansible.builtin.assert:
    that:
      - "'DNS:*.example.com' in cert_2_text.stdout"
      - "'DNS:example.com' in cert_2_text.stdout"
 - name: Read certificate 2 files
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
    - cert-2.pem
@@ -49,7 +49,7 @@
    - cert-2-fullchain.pem
  register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
    that:
      - "'all_chains' in cert_2_obtain_results"
      - "cert_2_obtain_results.all_chains | length > 1"
@@ -61,17 +61,17 @@
      - "(slurp.results[2].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].full_chain"
 - name: Check that certificate 3 is valid
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_3_valid is not failed
 - name: Check that certificate 3 contains correct SANs
-  assert:
+  ansible.builtin.assert:
    that:
      - "'DNS:*.example.com' in cert_3_text.stdout"
      - "'DNS:example.org' in cert_3_text.stdout"
      - "'DNS:t1.example.com' in cert_3_text.stdout"
 - name: Read certificate 3 files
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
    - cert-3.pem
@@ -79,7 +79,7 @@
    - cert-3-fullchain.pem
  register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
    that:
      - "'all_chains' in cert_3_obtain_results"
      - "cert_3_obtain_results.all_chains | length > 1"
@@ -91,11 +91,11 @@
      - "(slurp.results[2].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].full_chain"
 - name: Check that certificate 4 is valid
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_4_valid is not failed
 - name: Check that certificate 4 contains correct SANs
-  assert:
+  ansible.builtin.assert:
    that:
      - "'DNS:example.com' in cert_4_text.stdout"
      - "'DNS:t1.example.com' in cert_4_text.stdout"
@@ -103,72 +103,72 @@
      - "'DNS:example.org' in cert_4_text.stdout"
      - "'DNS:TesT.example.org' in cert_4_text.stdout"
 - name: Check that certificate 4 retrieval did not get all chains
-  assert:
+  ansible.builtin.assert:
    that:
      - "'all_chains' not in cert_4_obtain_results"
 - name: Check that certificate 5 is valid
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_5_valid is not failed
 - name: Check that certificate 5 contains correct SANs
-  assert:
+  ansible.builtin.assert:
    that:
      - "'DNS:t2.example.com' in cert_5_text.stdout"
 - name: Check that certificate 5 was not recreated on the first try
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_5_recreate_1 == false
 - name: Check that certificate 5 was recreated on the second try
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_5_recreate_2 == true
 - name: Check that certificate 5 was recreated on the third try
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_5_recreate_3 == true
 - block:
    - name: Check that certificate 6 is valid
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_6_valid is not failed
    - name: Check that certificate 6 contains correct SANs
-      assert:
+      ansible.builtin.assert:
        that:
          - "'DNS:example.org' in cert_6_text.stdout"
  when: acme_intermediates[0].subject_key_identifier is defined
 - block:
    - name: Check that certificate 7 is valid
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_7_valid is not failed
    - name: Check that certificate 7 contains correct SANs
-      assert:
+      ansible.builtin.assert:
        that:
          - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
  when: acme_roots[2].subject_key_identifier is defined
 - block:
    - name: Check that certificate 8 is valid
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_8_valid is not failed
    - name: Check that certificate 8 contains correct SANs
-      assert:
+      ansible.builtin.assert:
        that:
          - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Validate that orders were not retrieved
-  assert:
+  ansible.builtin.assert:
    that:
      - "'account' in account_orders_not"
      - "'orders' not in account_orders_not"
 - name: Validate that orders were retrieved as list of URLs (1/2)
-  assert:
+  ansible.builtin.assert:
    that:
      - "'account' in account_orders_urls"
      - "'orders' not in account_orders_urls"
@@ -176,7 +176,7 @@
      - "account_orders_urls.order_uris[0] is string"
 - name: Validate that orders were retrieved as list of URLs (2/2)
-  assert:
+  ansible.builtin.assert:
    that:
      - "'account' in account_orders_urls2"
      - "'orders' not in account_orders_urls2"
@@ -184,7 +184,7 @@
      - "account_orders_urls2.order_uris[0] is string"
 - name: Validate that orders were retrieved as list of objects (1/2)
-  assert:
+  ansible.builtin.assert:
    that:
      - "'account' in account_orders_full"
      - "'orders' in account_orders_full"
@@ -193,7 +193,7 @@
      - "account_orders_full.order_uris[0] is string"
 - name: Validate that orders were retrieved as list of objects (2/2)
-  assert:
+  ansible.builtin.assert:
    that:
      - "'account' in account_orders_full2"
      - "'orders' in account_orders_full2"
--- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml
@@ -9,24 +9,24 @@
    account_email: example@example.org
  block:
    - name: Generate account key
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/account-ec256.pem"
        type: ECC
        curve: secp256r1
        force: true
    - name: Create cert private key
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
        type: ECC
        curve: secp256r1
        force: true
    - name: Create cert CSR
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
        privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
        subject_alt_name: "{{ subject_alt_name }}"
    - name: Start process of obtaining certificate
-      acme_certificate:
+      community.crypto.acme_certificate:
        select_crypto_backend: "{{ select_crypto_backend }}"
        acme_version: 2
        acme_directory: "{{ acme_directory_url }}"
@@ -42,7 +42,7 @@
      register: certificate_data
 - name: Inspect order
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -52,11 +52,11 @@
    method: get
  register: order_1
 - name: Show order
-  debug:
+  ansible.builtin.debug:
    var: order_1.output_json
 - name: Deactivate order (check mode)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -67,7 +67,7 @@
  register: deactivate_1
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -77,11 +77,11 @@
    method: get
  register: order_2
 - name: Show order
-  debug:
+  ansible.builtin.debug:
    var: order_2.output_json
 - name: Deactivate order
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -91,7 +91,7 @@
  register: deactivate_2
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -101,11 +101,11 @@
    method: get
  register: order_3
 - name: Show order
-  debug:
+  ansible.builtin.debug:
    var: order_3.output_json
 - name: Deactivate order (check mode, idempotent)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -116,7 +116,7 @@
  register: deactivate_3
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -126,11 +126,11 @@
    method: get
  register: order_4
 - name: Show order
-  debug:
+  ansible.builtin.debug:
    var: order_4.output_json
 - name: Deactivate order (idempotent)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -140,7 +140,7 @@
  register: deactivate_4
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -150,5 +150,5 @@
    method: get
  register: order_5
 - name: Show order
-  debug:
+  ansible.builtin.debug:
    var: order_5.output_json
--- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
@@ -10,31 +10,31 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Checks
-  assert:
+  ansible.builtin.assert:
    that:
      - order_1.output_json.status == 'pending'
      - deactivate_1 is changed
--- a/tests/integration/targets/acme_certificate_order/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_order/tasks/impl.yml
@@ -4,23 +4,23 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: "({{ select_crypto_backend }}) Generate random domain name"
-  set_fact:
+  ansible.builtin.set_fact:
    domain_name: "host{{ '%0x' % ((2**32) | random) }}.example.com"
 - name: "({{ select_crypto_backend }}) Generate account key"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: "{{ remote_tmp_dir }}/accountkey.pem"
    type: ECC
    curve: secp256r1
    force: true
 - name: "({{ select_crypto_backend }}) Parse account keys (to ease debugging some test failures)"
-  openssl_privatekey_info:
+  community.crypto.openssl_privatekey_info:
    path: "{{ remote_tmp_dir }}/accountkey.pem"
    return_private_key_data: true
 - name: "({{ select_crypto_backend }}) Create ACME account"
-  acme_account:
+  community.crypto.acme_account:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -31,14 +31,14 @@
  register: account
 - name: "({{ select_crypto_backend }}) Generate certificate key"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: "{{ remote_tmp_dir }}/cert.key"
    type: ECC
    curve: secp256r1
    force: true
 - name: "({{ select_crypto_backend }}) Generate certificate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: "{{ remote_tmp_dir }}/cert.csr"
    privatekey_path: "{{ remote_tmp_dir }}/cert.key"
    subject:
@@ -47,7 +47,7 @@
  register: csr
 - name: "({{ select_crypto_backend }}) Create certificate order"
-  acme_certificate_order_create:
+  community.crypto.acme_certificate_order_create:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -57,11 +57,11 @@
  register: order_1
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
    var: order_1
 - name: "({{ select_crypto_backend }}) Check order"
-  assert:
+  ansible.builtin.assert:
    that:
      - order_1 is changed
      - order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -81,7 +81,7 @@
      - order_1.account_uri == account.account_uri
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -91,11 +91,11 @@
  register: order_info_1
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
    var: order_info_1
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
    that:
      - order_info_1 is not changed
      - order_info_1.authorizations_by_identifier | length == 1
@@ -120,8 +120,8 @@
      - order_info_1.account_uri == account.account_uri
 - name: "({{ select_crypto_backend }}) Create HTTP challenges"
-  uri:
+  ansible.builtin.uri:
-    url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
+    url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}"
    method: PUT
    body_format: raw
    body: "{{ item.challenges['http-01'].resource_value }}"
@@ -142,7 +142,7 @@
  register: validate_1
 - name: "({{ select_crypto_backend }}) Check validation result"
-  assert:
+  ansible.builtin.assert:
    that:
      - validate_1 is changed
      - validate_1.account_uri == account.account_uri
@@ -153,7 +153,7 @@
  when: ansible_version.full is version('2.12', '<')
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -163,11 +163,11 @@
  register: order_info_2
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
    var: order_info_2
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
    that:
      - order_info_2 is not changed
      - order_info_2.authorizations_by_identifier | length == 1
@@ -203,7 +203,7 @@
  register: validate_2
 - name: "({{ select_crypto_backend }}) Check validation result"
-  assert:
+  ansible.builtin.assert:
    that:
      - validate_2 is not changed
      - validate_2.account_uri == account.account_uri
@@ -225,7 +225,7 @@
  register: finalize_1
 - name: "({{ select_crypto_backend }}) Check finalization result"
-  assert:
+  ansible.builtin.assert:
    that:
      - finalize_1 is changed
      - finalize_1.account_uri == account.account_uri
@@ -236,7 +236,7 @@
      - finalize_1.selected_chain.full_chain == finalize_1.selected_chain.cert + finalize_1.selected_chain.chain
 - name: "({{ select_crypto_backend }}) Read files from disk"
-  slurp:
+  ansible.builtin.slurp:
    src: "{{ remote_tmp_dir }}/{{ item }}.pem"
  loop:
    - cert
@@ -245,14 +245,14 @@
  register: slurp
 - name: "({{ select_crypto_backend }}) Compare finalization result with files on disk"
-  assert:
+  ansible.builtin.assert:
    that:
      - finalize_1.selected_chain.cert == slurp.results[0].content | b64decode
      - finalize_1.selected_chain.chain == slurp.results[1].content | b64decode
      - finalize_1.selected_chain.full_chain == slurp.results[2].content | b64decode
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -262,11 +262,11 @@
  register: order_info_3
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
    var: order_info_3
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
    that:
      - order_info_3 is not changed
      - order_info_3.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns'
@@ -304,7 +304,7 @@
  register: finalize_2
 - name: "({{ select_crypto_backend }}) Check finalization result"
-  assert:
+  ansible.builtin.assert:
    that:
      - finalize_2 is not changed
      - finalize_2.account_uri == account.account_uri
@@ -316,7 +316,7 @@
      - finalize_2.selected_chain == finalize_1.selected_chain
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -326,11 +326,11 @@
  register: order_info_4
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
    var: order_info_4
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
    that:
      - order_info_4 is not changed
      - order_info_4.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns'
@@ -356,7 +356,7 @@
 - when: acme_supports_ari
  block:
    - name: "({{ select_crypto_backend }}) Get certificate renewal information"
-      acme_certificate_renewal_info:
+      community.crypto.acme_certificate_renewal_info:
        acme_directory: "{{ acme_directory_url }}"
        acme_version: 2
        validate_certs: false
@@ -366,14 +366,14 @@
      register: cert_info
    - name: "({{ select_crypto_backend }}) Verify information"
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_info.supports_ari == true
          - cert_info.should_renew == false
          - cert_info.cert_id is string
    - name: "({{ select_crypto_backend }}) Create replacement order 1"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
        acme_directory: "{{ acme_directory_url }}"
        acme_version: 2
        validate_certs: false
@@ -386,7 +386,7 @@
      register: replacement_order_1
    - name: "({{ select_crypto_backend }}) Get replacement order 1 information"
-      acme_certificate_order_info:
+      community.crypto.acme_certificate_order_info:
        acme_directory: "{{ acme_directory_url }}"
        acme_version: 2
        validate_certs: false
@@ -396,7 +396,7 @@
      register: order_info_5
    - name: "({{ select_crypto_backend }}) Check replacement order 1"
-      assert:
+      ansible.builtin.assert:
        that:
          - replacement_order_1 is changed
          - replacement_order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -417,7 +417,7 @@
          - replacement_order_1.order_uri not in [order_1.order_uri]
    - name: "({{ select_crypto_backend }}) Check replacement order 1 information"
-      assert:
+      ansible.builtin.assert:
        that:
          - order_info_5 is not changed
          - order_info_5.authorizations_by_identifier | length == 1
@@ -446,7 +446,7 @@
    - when: false  # TODO get Pebble improved
      block:
        - name: "({{ select_crypto_backend }}) Create replacement order 2 (should fail)"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -459,7 +459,7 @@
          ignore_errors: true
        - name: "({{ select_crypto_backend }}) Check replacement order 2"
-          assert:
+          ansible.builtin.assert:
            that:
              - replacement_order_2 is failed
              - >-
@@ -470,7 +470,7 @@
                )
        - name: "({{ select_crypto_backend }}) Create replacement order 3 with error handling"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -482,7 +482,7 @@
          register: replacement_order_3
        - name: "({{ select_crypto_backend }}) Get replacement order 3 information"
-          acme_certificate_order_info:
+          community.crypto.acme_certificate_order_info:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -492,7 +492,7 @@
          register: order_info_6
        - name: "({{ select_crypto_backend }}) Check replacement order 3"
-          assert:
+          ansible.builtin.assert:
            that:
              - replacement_order_3 is changed
              - replacement_order_3.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -515,7 +515,7 @@
                ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_3.warnings
        - name: "({{ select_crypto_backend }}) Check replacement order 3 information"
-          assert:
+          ansible.builtin.assert:
            that:
              - order_info_6 is not changed
              - order_info_6.authorizations_by_identifier | length == 1
@@ -540,7 +540,7 @@
              - order_info_6.account_uri == account.account_uri
        - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 3"
-          acme_certificate_deactivate_authz:
+          community.crypto.acme_certificate_deactivate_authz:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -551,8 +551,8 @@
    # Complete replacement order 1
    - name: "({{ select_crypto_backend }}) Create HTTP challenges (replacement order 1)"
-      uri:
+      ansible.builtin.uri:
-        url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
+        url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}"
        method: PUT
        body_format: raw
        body: "{{ item.challenges['http-01'].resource_value }}"
@@ -590,7 +590,7 @@
    - when: true
      block:
        - name: "({{ select_crypto_backend }}) Create replacement order 4 (should fail)"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -603,7 +603,7 @@
          ignore_errors: true
        - name: "({{ select_crypto_backend }}) Check replacement order 4"
-          assert:
+          ansible.builtin.assert:
            that:
              - replacement_order_4 is failed
              - replacement_order_4.msg.startswith('Failed to start new order for https://' ~ acme_host)
@@ -611,7 +611,7 @@
                ' with status 409 Conflict. Error urn:ietf:params:acme:error:malformed: ' in replacement_order_4.msg
        - name: "({{ select_crypto_backend }}) Create replacement order 5 with error handling"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -623,7 +623,7 @@
          register: replacement_order_5
        - name: "({{ select_crypto_backend }}) Get replacement order 5 information"
-          acme_certificate_order_info:
+          community.crypto.acme_certificate_order_info:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -633,7 +633,7 @@
          register: order_info_7
        - name: "({{ select_crypto_backend }}) Check replacement order 5"
-          assert:
+          ansible.builtin.assert:
            that:
              - replacement_order_5 is changed
              - replacement_order_5.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -656,7 +656,7 @@
                ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_5.warnings
        - name: "({{ select_crypto_backend }}) Check replacement order 5 information"
-          assert:
+          ansible.builtin.assert:
            that:
              - order_info_7 is not changed
              - order_info_7.authorizations_by_identifier | length == 1
@@ -681,7 +681,7 @@
              - order_info_7.account_uri == account.account_uri
        - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 5"
-          acme_certificate_deactivate_authz:
+          community.crypto.acme_certificate_deactivate_authz:
            acme_directory: "{{ acme_directory_url }}"
            acme_version: 2
            validate_certs: false
@@ -694,7 +694,7 @@
 - when: acme_supports_profiles
  block:
    - name: "({{ select_crypto_backend }}) Create order with invalid profile (should fail)"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
        acme_directory: "{{ acme_directory_url }}"
        acme_version: 2
        validate_certs: false
@@ -707,7 +707,7 @@
      ignore_errors: true
    - name: "({{ select_crypto_backend }}) Check invalid profile order"
-      assert:
+      ansible.builtin.assert:
        that:
          - invalid_profile_order is failed
          - invalid_profile_order.msg == "The ACME CA does not support selected profile 'does-not-exist'."
@@ -717,7 +717,7 @@
 - when: not acme_supports_profiles
  block:
    - name: "({{ select_crypto_backend }}) Create order with profile when server does not support it (should fail)"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
        acme_directory: "{{ acme_directory_url }}"
        acme_version: 2
        validate_certs: false
@@ -729,7 +729,7 @@
      ignore_errors: true
    - name: "({{ select_crypto_backend }}) Check profile without server support order"
-      assert:
+      ansible.builtin.assert:
        that:
          - profile_without_server_support is failed
          - profile_without_server_support.msg == 'The ACME CA does not support profiles. Please omit the "profile" option.'
--- a/tests/integration/targets/acme_certificate_order/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_order/tasks/main.yml
@@ -10,7 +10,7 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
@@ -18,18 +18,18 @@
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
--- a/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        type: "{{ item.type }}"
        size: "{{ item.size | default(omit) }}"
@@ -22,7 +22,7 @@
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 1 for renewal check
    certificate_name: cert-1
@@ -41,18 +41,18 @@
 ## OBTAIN CERTIFICATE INFOS ###################################################################
 - name: Dump OpenSSL x509 info
-  command:
+  ansible.builtin.command:
    cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
 - name: Obtain certificate information
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-1.pem"
  register: cert_1_info
 - name: Read certificate
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/cert-1.pem'
  register: slurp_cert_1
 - name: Obtain certificate information (1/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -60,7 +60,7 @@
    validate_certs: false
  register: cert_1_renewal_1
 - name: Obtain certificate information (2/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -70,7 +70,7 @@
    remaining_percentage: 0.5
  register: cert_1_renewal_2
 - name: Obtain certificate information (3/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_content: "{{ slurp_cert_1.content | b64decode }}"
    acme_version: 2
@@ -79,7 +79,7 @@
    now: +1800d
  register: cert_1_renewal_3
 - name: Obtain certificate information (4/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -90,7 +90,7 @@
    remaining_percentage: 0.1
  register: cert_1_renewal_4
 - name: Obtain certificate information (5/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -101,7 +101,7 @@
    remaining_percentage: 0.01
  register: cert_1_renewal_5
 - name: Obtain certificate information (6/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -112,7 +112,7 @@
    remaining_percentage: 0.03
  register: cert_1_renewal_6
 - name: Obtain certificate information (7/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
    acme_version: 2
@@ -121,7 +121,7 @@
    now: +1830d
  register: cert_1_renewal_7
 - name: Obtain certificate information (8/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: "{{ acme_directory_url }}"
@@ -129,7 +129,7 @@
    now: +1830d
  register: cert_1_renewal_8
 - name: Obtain certificate information (9/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem"
    acme_version: 2
@@ -137,12 +137,12 @@
    validate_certs: false
  register: cert_1_renewal_9
 - name: Create broken file
-  copy:
+  ansible.builtin.copy:
    dest: "{{ remote_tmp_dir }}/cert-is-broken.pem"
    content: |
      --- THIS IS NOT A CERT ---
 - name: Obtain certificate information (10/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    treat_parsing_error_as_non_existing: false
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
@@ -152,7 +152,7 @@
  register: cert_1_renewal_10
  ignore_errors: true
 - name: Obtain certificate information (11/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
    treat_parsing_error_as_non_existing: true
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
--- a/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml
@@ -13,31 +13,31 @@
  block:
    - block:
        - name: Running tests with OpenSSL backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
          vars:
            select_crypto_backend: openssl
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
      # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
      when: openssl_version.stdout is version('1.0.0', '>=')
    - name: Remove output directory
-      file:
+      ansible.builtin.file:
        path: "{{ remote_tmp_dir }}"
        state: absent
    - name: Re-create output directory
-      file:
+      ansible.builtin.file:
        path: "{{ remote_tmp_dir }}"
        state: directory
    - block:
        - name: Running tests with cryptography backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
          vars:
            select_crypto_backend: cryptography
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
      when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml
@@ -9,7 +9,7 @@
  block:
    - name: Validate results (generic)
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_1_renewal_1.should_renew == false
          - cert_1_renewal_1.msg == 'The certificate is still valid and no condition was reached'
@@ -64,7 +64,7 @@
      when: not acme_supports_ari
    - name: Validate results without ARI
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_1_renewal_1.supports_ari == false
          - cert_1_renewal_2.supports_ari == false
@@ -84,7 +84,7 @@
      when: not acme_supports_ari
    - name: Validate results with ARI
-      assert:
+      ansible.builtin.assert:
        that:
          - cert_1_renewal_1.supports_ari == true
          - cert_1_renewal_2.supports_ari == true
--- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml
@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
        type: "{{ item.type }}"
        size: "{{ item.size | default(omit) }}"
@@ -28,11 +28,11 @@
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Read account key (EC256)
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/account-ec256.pem'
  register: slurp_account_key
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 1 for revocation
    certificate_name: cert-1
@@ -49,7 +49,7 @@
    terms_agreed: true
    account_email: "example@example.org"
 - name: Obtain cert 2
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 2 for revocation
    certificate_name: cert-2
@@ -66,7 +66,7 @@
    terms_agreed: true
    account_email: "example@example.org"
 - name: Obtain cert 3
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 3 for revocation
    certificate_name: cert-3
@@ -84,7 +84,7 @@
 ## REVOKE CERTIFICATES ########################################################################
 - name: Revoke certificate 1 via account key
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
    certificate: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -94,7 +94,7 @@
  ignore_errors: true
  register: cert_1_revoke
 - name: Revoke certificate 2 via certificate private key
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
    select_crypto_backend: "{{ select_crypto_backend }}"
    private_key_src: "{{ remote_tmp_dir }}/cert-2.key"
    private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -105,11 +105,11 @@
  ignore_errors: true
  register: cert_2_revoke
 - name: Read account key (RSA)
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/account-rsa.pem'
  register: slurp_account_key
 - name: Revoke certificate 3 via account key (fullchain)
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_content: "{{ slurp_account_key.content | b64decode }}"
    certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
--- a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml
@@ -10,31 +10,31 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_revoke/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate_revoke/tests/validate.yml
@@ -4,17 +4,17 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Check that certificate 1 was revoked
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_1_revoke is changed
      - cert_1_revoke is not failed
 - name: Check that certificate 2 was revoked
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_2_revoke is changed
      - cert_2_revoke is not failed
 - name: Check that certificate 3 was revoked
-  assert:
+  ansible.builtin.assert:
    that:
      - cert_3_revoke is changed
      - cert_3_revoke is not failed
--- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml
+++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml
@@ -10,13 +10,13 @@
 - block:
    - name: Generate ECC256 account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/account-ec256.pem"
        type: ECC
        curve: secp256r1
        force: true
    - name: Obtain cert 1
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
      vars:
        select_crypto_backend: auto
        certgen_title: Certificate 1
--- a/tests/integration/targets/acme_inspect/tasks/impl.yml
+++ b/tests/integration/targets/acme_inspect/tasks/impl.yml
@@ -5,7 +5,7 @@
 - block:
    - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
        type: ECC
        curve: secp256r1
@@ -13,7 +13,7 @@
      loop: "{{ account_keys }}"
    - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
        return_private_key_data: true
      loop: "{{ account_keys }}"
@@ -23,32 +23,32 @@
      - accountkey
 - name: Get directory
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
    method: directory-only
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: directory
- debug: var=directory
+- ansible.builtin.debug: var=directory
 - name: Create an account
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
-    url: "{{ directory.directory.newAccount}}"
+    url: "{{ directory.directory.newAccount }}"
    method: post
    content: '{"termsOfServiceAgreed":true}'
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: account_creation
  # account_creation.headers.location contains the account URI
  # if creation was successful
- debug: var=account_creation
+- ansible.builtin.debug: var=account_creation
 - name: Get account information
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -58,10 +58,10 @@
    method: get
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: account_get
- debug: var=account_get
+- ansible.builtin.debug: var=account_get
 - name: Update account contacts
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -78,10 +78,10 @@
      contact:
        - mailto:me@example.com
  register: account_update
- debug: var=account_update
+- ansible.builtin.debug: var=account_update
 - name: Create certificate order
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -102,10 +102,10 @@
        - type: dns
          value: example.org
  register: new_order
- debug: var=new_order
+- ansible.builtin.debug: var=new_order
 - name: Get order information
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -115,10 +115,10 @@
    method: get
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: order
- debug: var=order
+- ansible.builtin.debug: var=order
 - name: Get authzs for order
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -129,10 +129,10 @@
    select_crypto_backend: "{{ select_crypto_backend }}"
  loop: "{{ order.output_json.authorizations }}"
  register: authz
- debug: var=authz
+- ansible.builtin.debug: var=authz
 - name: Get HTTP-01 challenge for authz
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -143,10 +143,10 @@
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: http01challenge
  loop: "{{ authz.results | map(attribute='output_json') | list }}"
- debug: var=http01challenge
+- ansible.builtin.debug: var=http01challenge
 - name: Activate HTTP-01 challenge manually
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -158,10 +158,10 @@
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: activation
  loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
- debug: var=activation
+- ansible.builtin.debug: var=activation
 - name: Get HTTP-01 challenge results
-  acme_inspect:
+  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
    acme_version: 2
    validate_certs: false
@@ -175,4 +175,4 @@
  until: "validation_result.output_json.status not in ['pending', 'processing']"
  retries: 20
  delay: 1
- debug: var=validation_result
+- ansible.builtin.debug: var=validation_result
--- a/tests/integration/targets/acme_inspect/tasks/main.yml
+++ b/tests/integration/targets/acme_inspect/tasks/main.yml
@@ -10,31 +10,31 @@
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: openssl
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_inspect/tests/validate.yml
+++ b/tests/integration/targets/acme_inspect/tests/validate.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Check directory output
-  assert:
+  ansible.builtin.assert:
    that:
      - directory is not changed
      - "'directory' in directory"
@@ -16,7 +16,7 @@
      - "'output_json' not in directory"
 - name: Check account creation output
-  assert:
+  ansible.builtin.assert:
    that:
      - account_creation is changed
      - "'directory' in account_creation"
@@ -30,7 +30,7 @@
      - account_creation.output_text | from_json == account_creation.output_json
 - name: Check account get output
-  assert:
+  ansible.builtin.assert:
    that:
      - account_get is not changed
      - "'directory' in account_get"
@@ -41,7 +41,7 @@
      - account_get.output_json == account_creation.output_json
 - name: Check account update output
-  assert:
+  ansible.builtin.assert:
    that:
      - account_update is changed
      - "'directory' in account_update"
@@ -53,7 +53,7 @@
      - account_update.output_json.contact[0] in ['mailto:me@example.com', 'mailto:*******@example.com']
 - name: Check certificate request output
-  assert:
+  ansible.builtin.assert:
    that:
      - new_order is changed
      - "'directory' in new_order"
@@ -66,7 +66,7 @@
      - "'finalize' in new_order.output_json"
 - name: Check get order output
-  assert:
+  ansible.builtin.assert:
    that:
      - order is not changed
      - "'directory' in order"
@@ -77,7 +77,7 @@
      # - new_order.output_json == order.output_json
 - name: Check get authz output
-  assert:
+  ansible.builtin.assert:
    that:
      - item is not changed
      - "'directory' in item"
@@ -90,7 +90,7 @@
  loop: "{{ authz.results }}"
 - name: Check get challenge output
-  assert:
+  ansible.builtin.assert:
    that:
      - item is not changed
      - "'directory' in item"
@@ -104,7 +104,7 @@
  loop: "{{ http01challenge.results }}"
 - name: Check challenge activation output
-  assert:
+  ansible.builtin.assert:
    that:
      - item is changed
      - "'directory' in item"
@@ -118,7 +118,7 @@
  loop: "{{ activation.results }}"
 - name: Check validation result
-  assert:
+  ansible.builtin.assert:
    that:
      - item is not changed
      - "'directory' in item"
--- a/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml
@@ -9,14 +9,14 @@
 ####################################################################
 - name: Generate CSR for {{ certificate.name }}
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'
    subject: '{{ certificate.subject }}'
    useCommonNameForSAN: false
 - name: Generate certificate for {{ certificate.name }}
-  x509_certificate:
+  community.crypto.x509_certificate:
    path: '{{ remote_tmp_dir }}/{{ certificate.name }}.pem'
    csr_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'
--- a/tests/integration/targets/certificate_complete_chain/tasks/create.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/create.yml
@@ -10,25 +10,25 @@
 - block:
    - name: Create private keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
        size: '{{ default_rsa_key_size_certificates }}'
      loop: '{{ certificates }}'
    - name: Generate certificates
-      include_tasks: create-single-certificate.yml
+      ansible.builtin.include_tasks: create-single-certificate.yml
      loop: '{{ certificates }}'
      loop_control:
        loop_var: certificate
    - name: Read certificates
-      slurp:
+      ansible.builtin.slurp:
        src: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
      loop: '{{ certificates }}'
      register: certificates_read
    - name: Store read certificates
-      set_fact:
+      ansible.builtin.set_fact:
        read_certificates: >-
          {{ certificates_read.results | map(attribute='content') | map('b64decode')
             | zip(certificates | map(attribute='name'))
--- a/tests/integration/targets/certificate_complete_chain/tasks/created.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/created.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: Case A => works
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/b-intermediate.pem'
@@ -19,7 +19,7 @@
 - name: Case B => doesn't work, but this is expected
  failed_when: false
  register: caseb
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/c-intermediate.pem'
@@ -27,11 +27,11 @@
      - '{{ remote_tmp_dir }}/a-root.pem'
 - name: Assert that case B failed
-  assert:
+  ansible.builtin.assert:
    that: "'Cannot complete chain' in caseb.msg"
 - name: Case C => works
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/c-intermediate.pem'
@@ -40,7 +40,7 @@
      - '{{ remote_tmp_dir }}/a-root.pem'
 - name: Case D => works as well after PR 403
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/b-intermediate.pem'
--- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@@ -10,13 +10,13 @@
 - block:
    - name: Find root for cert 1 using directory
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: '{{ fullchain | trim }}'
        root_certificates:
          - '{{ remote_tmp_dir }}/files/roots/'
      register: cert1_root
    - name: Verify root for cert 1
-      assert:
+      ansible.builtin.assert:
        that:
          - cert1_root.complete_chain | join('') == (fullchain ~ root)
          - cert1_root.root == root
@@ -26,7 +26,7 @@
 - block:
    - name: Find rootchain for cert 1 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: '{{ cert }}'
        intermediate_certificates:
          - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
@@ -34,7 +34,7 @@
          - '{{ remote_tmp_dir }}/files/roots.pem'
      register: cert1_rootchain
    - name: Verify rootchain for cert 1
-      assert:
+      ansible.builtin.assert:
        that:
          - cert1_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
          - cert1_rootchain.chain[:-1] | join('') == chain
@@ -46,13 +46,13 @@
 - block:
    - name: Find root for cert 2 using directory
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: "{{ fullchain | trim }}"
        root_certificates:
          - '{{ remote_tmp_dir }}/files/roots/'
      register: cert2_root
    - name: Verify root for cert 2
-      assert:
+      ansible.builtin.assert:
        that:
          - cert2_root.complete_chain | join('') == (fullchain ~ root)
          - cert2_root.root == root
@@ -62,7 +62,7 @@
 - block:
    - name: Find rootchain for cert 2 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: '{{ cert }}'
        intermediate_certificates:
          - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
@@ -70,7 +70,7 @@
          - '{{ remote_tmp_dir }}/files/roots.pem'
      register: cert2_rootchain
    - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
        that:
          - cert2_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
          - cert2_rootchain.chain[:-1] | join('') == chain
@@ -82,7 +82,7 @@
 - block:
    - name: Find alternate rootchain for cert 2 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: '{{ cert }}'
        intermediate_certificates:
          - '{{ remote_tmp_dir }}/files/cert2-altchain.pem'
@@ -90,7 +90,7 @@
          - '{{ remote_tmp_dir }}/files/roots.pem'
      register: cert2_rootchain_alt
    - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
        that:
          - cert2_rootchain_alt.complete_chain | join('') == (cert ~ chain ~ root)
          - cert2_rootchain_alt.chain[:-1] | join('') == chain
@@ -102,13 +102,13 @@
 - block:
    - name: Find alternate rootchain for cert 2 when complete chain is already presented to the module
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
        input_chain: '{{ cert ~ chain ~ root }}'
        root_certificates:
          - '{{ remote_tmp_dir }}/files/roots.pem'
      register: cert2_complete_chain
    - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
        that:
          - cert2_complete_chain.complete_chain | join('') == (cert ~ chain ~ root)
          - cert2_complete_chain.chain == []
@@ -119,7 +119,7 @@
    root: "{{ lookup('file', 'cert2-altroot.pem', rstrip=False) }}"
 - name: Check failure when no intermediate certificate can be found
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}'
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
@@ -128,13 +128,13 @@
  register: cert2_no_intermediate
  ignore_errors: true
 - name: Verify failure
-  assert:
+  ansible.builtin.assert:
    that:
      - cert2_no_intermediate is failed
      - "cert2_no_intermediate.msg.startswith('Cannot complete chain. Stuck at certificate ')"
 - name: Check failure when infinite loop is found
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}'
    intermediate_certificates:
      - '{{ remote_tmp_dir }}/files/roots.pem'
@@ -143,7 +143,7 @@
  register: cert2_infinite_loop
  ignore_errors: true
 - name: Verify failure
-  assert:
+  ansible.builtin.assert:
    that:
      - cert2_infinite_loop is failed
      - "cert2_infinite_loop.msg == 'Found cycle while building certificate chain'"
--- a/tests/integration/targets/certificate_complete_chain/tasks/main.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/main.yml
@@ -16,17 +16,17 @@
        state: directory
      when: ansible_version.string is version('2.10', '<')
    - name: Copy test files to testhost
-      copy:
+      ansible.builtin.copy:
        src: '{{ role_path }}/files/'
        dest: '{{ remote_tmp_dir }}/files/'
    - name: Run tests with copied certificates
-      import_tasks: existing.yml
+      ansible.builtin.import_tasks: existing.yml
    - name: Create more certificates
-      import_tasks: create.yml
+      ansible.builtin.import_tasks: create.yml
    - name: Run tests with created certificates
-      import_tasks: created.yml
+      ansible.builtin.import_tasks: created.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/crypto_info/tasks/main.yml
+++ b/tests/integration/targets/crypto_info/tasks/main.yml
@@ -9,19 +9,19 @@
 ####################################################################
 - name: Retrieve information
-  crypto_info:
+  community.crypto.crypto_info:
  register: result
 - name: Display information
-  debug:
+  ansible.builtin.debug:
    var: result
 - name: Register cryptography version
-  command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
+  ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
  register: local_cryptography_version
 - name: Determine complex version-based capabilities
-  set_fact:
+  ansible.builtin.set_fact:
    supports_ed25519: >-
      {{
        local_cryptography_version.stdout is version("2.6", ">=")
@@ -42,7 +42,7 @@
      }}
 - name: Verify cryptography information
-  assert:
+  ansible.builtin.assert:
    that:
      - result.python_cryptography_installed
      - "'python_cryptography_import_error' not in result"
@@ -63,15 +63,15 @@
      - result.python_cryptography_capabilities.has_x448 == (local_cryptography_version.stdout is version('2.5', '>='))
 - name: Find OpenSSL binary
-  command: which openssl
+  ansible.builtin.command: which openssl
  register: local_openssl_path
 - name: Find OpenSSL version
-  command: openssl version
+  ansible.builtin.command: openssl version
  register: local_openssl_version_full
 - name: Verify OpenSSL information
-  assert:
+  ansible.builtin.assert:
    that:
      - result.openssl_present
      - result.openssl.path == local_openssl_path.stdout
--- a/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info }}
    result_idna: >-
@@ -13,7 +13,7 @@
      {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info(name_encoding='unicode') }}
 - name: "Check whether subject and extensions behaves as expected"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.subject.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
@@ -40,7 +40,7 @@
      - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 - name: "Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
@@ -57,17 +57,17 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/csr_2.csr') | community.crypto.openssl_csr_info }}
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/csr_3.csr') | community.crypto.openssl_csr_info }}
 - name: "Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -79,12 +79,12 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/csr_4.csr') | community.crypto.openssl_csr_info }}
 - name: "Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
@@ -92,53 +92,53 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ [] | community.crypto.openssl_csr_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The community.crypto.openssl_csr_info input must be a text type, not ")
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.openssl_csr_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("Unable to load (?:request|PEM file)(?:\.|$)")
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.openssl_csr_info(name_encoding=[]) }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be of a text type, not ")
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'bar' | community.crypto.openssl_csr_info(name_encoding='foo') }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")
--- a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml
+++ b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml
@@ -9,23 +9,23 @@
 ####################################################################
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
    name: idna
    state: present
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    size: '{{ default_rsa_key_size }}'
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -94,7 +94,7 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: hunter2
@@ -103,7 +103,7 @@
      - "CA:TRUE"
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_3.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
@@ -121,12 +121,12 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
    authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.3', '>=')
--- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml
@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Get key 1 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_1.pem') | community.crypto.openssl_privatekey_info }}
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
@@ -21,12 +21,12 @@
      - "'private_data' not in result"
 - name: Get key 2 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_2.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
@@ -41,26 +41,26 @@
      - "result.private_data.exponent > 5"
 - name: Get key 3 info (without passphrase)
-  set_fact:
+  ansible.builtin.set_fact:
    result_: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
  ignore_errors: true
  register: result
 - name: Check that loading passphrase protected key without passphrase failed
-  assert:
+  ansible.builtin.assert:
    that:
      - result is failed
      - >-
        'Wrong or empty passphrase provided for private key' in result.msg
 - name: Get key 3 info (with passphrase)
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(passphrase='hunter2', return_private_key_data=true) }}
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
@@ -74,12 +74,12 @@
      - "result.private_data.exponent > 5"
 - name: Get key 4 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_4.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 - name: Check that ECC key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
@@ -94,12 +94,12 @@
      - "result.private_data.multiplier > 1024"
 - name: Get key 5 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/privatekey_5.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 - name: Check that DSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
--- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml
+++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml
@@ -9,34 +9,34 @@
 ####################################################################
 - name: Generate privatekey 1
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_1.pem'
 - name: Generate privatekey 2 (less bits)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_2.pem'
    type: RSA
    size: '{{ default_rsa_key_size }}'
 - name: Generate privatekey 3 (with password)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_3.pem'
    passphrase: hunter2
    size: '{{ default_rsa_key_size }}'
 - name: Generate privatekey 4 (ECC)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_4.pem'
    type: ECC
    curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
    # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead
 - name: Generate privatekey 5 (DSA)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_5.pem'
    type: DSA
    size: 1024
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.2.3', '>=')
--- a/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml
@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Get key 1 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/publickey_1.pem') | community.crypto.openssl_publickey_info }}
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'fingerprints' in result"
      - "'type' in result"
@@ -19,12 +19,12 @@
      - "result.public_data.exponent > 5"
 - name: Get key 2 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/publickey_2.pem') | community.crypto.openssl_publickey_info }}
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'fingerprints' in result"
      - "'type' in result"
@@ -35,12 +35,12 @@
      - "result.public_data.exponent > 5"
 - name: Get key 3 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/publickey_3.pem') | community.crypto.openssl_publickey_info }}
 - name: Check that ECC key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'fingerprints' in result"
      - "'type' in result"
@@ -52,12 +52,12 @@
      - "result.public_data.exponent_size == (521 if (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') else 256)"
 - name: Get key 4 info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/publickey_4.pem') | community.crypto.openssl_publickey_info }}
 - name: Check that DSA key info is ok
-  assert:
+  ansible.builtin.assert:
    that:
      - "'fingerprints' in result"
      - "'type' in result"
@@ -69,27 +69,27 @@
      - "result.public_data.y > 2"
 - name: Get invalid key info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ [] | community.crypto.openssl_publickey_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The community.crypto.openssl_publickey_info input must be a text type, not ")
 - name: Get invalid key info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.openssl_publickey_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - 'output.msg is search("Error while deserializing key: ")'
--- a/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml
+++ b/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml
@@ -9,17 +9,17 @@
 ####################################################################
 - name: Generate privatekey 1
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_1.pem'
 - name: Generate privatekey 2 (less bits)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_2.pem'
    type: RSA
    size: '{{ default_rsa_key_size }}'
 - name: Generate privatekey 3 (ECC)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_3.pem'
    type: ECC
    curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
@@ -27,13 +27,13 @@
    select_crypto_backend: cryptography
 - name: Generate privatekey 4 (DSA)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_4.pem'
    type: DSA
    size: 1024
 - name: Generate public keys
-  openssl_publickey:
+  community.crypto.openssl_publickey:
    privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
    path: '{{ remote_tmp_dir }}/publickey_{{ item }}.pem'
  loop:
@@ -43,5 +43,5 @@
    - 4
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.2.3', '>=')
--- a/tests/integration/targets/filter_parse_serial/tasks/main.yml
+++ b/tests/integration/targets/filter_parse_serial/tasks/main.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Test parse_serial filter
-  assert:
+  ansible.builtin.assert:
    that:
      - >-
        '0' | community.crypto.parse_serial == 0
@@ -22,35 +22,35 @@
        '1:2:3' | community.crypto.parse_serial == 66051
 - name: "Test error 1: empty string"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ '' | community.crypto.parse_serial }}
  ignore_errors: true
  register: error_1
 - name: "Test error 2: invalid type"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ [] | community.crypto.parse_serial }}
  ignore_errors: true
  register: error_2
 - name: "Test error 3: invalid values (range)"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ '100' | community.crypto.parse_serial }}
  ignore_errors: true
  register: error_3
 - name: "Test error 4: invalid values (digits)"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ 'abcdefg' | community.crypto.parse_serial }}
  ignore_errors: true
  register: error_4
 - name: Validate errors
-  assert:
+  ansible.builtin.assert:
    that:
      - >-
        error_1 is failed and "The 1st part '' is not a hexadecimal number in range [0, 255]: invalid literal" in error_1.msg
--- a/tests/integration/targets/filter_split_pem/tasks/main.yml
+++ b/tests/integration/targets/filter_split_pem/tasks/main.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: Run tests that raise no errors
-  assert:
+  ansible.builtin.assert:
    that:
      - >-
        '' | community.crypto.split_pem == []
@@ -49,13 +49,13 @@
      AAb=
 - name: Invalid input
-  debug:
+  ansible.builtin.debug:
    msg: "{{ [] | community.crypto.split_pem }}"
  ignore_errors: true
  register: output
 - name: Validate error
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The community.crypto.split_pem input must be a text type, not ")
--- a/tests/integration/targets/filter_to_serial/tasks/main.yml
+++ b/tests/integration/targets/filter_to_serial/tasks/main.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Test to_serial filter
-  assert:
+  ansible.builtin.assert:
    that:
      - 0 | community.crypto.to_serial == '00'
      - 1 | community.crypto.to_serial == '01'
@@ -13,21 +13,21 @@
      - 65536 | community.crypto.to_serial == '01:00:00'
 - name: "Test error 1: negative number"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ (-1) | community.crypto.to_serial }}
  ignore_errors: true
  register: error_1
 - name: "Test error 2: invalid type"
-  debug:
+  ansible.builtin.debug:
    msg: >-
      {{ [] | community.crypto.to_serial }}
  ignore_errors: true
  register: error_2
 - name: Validate error
-  assert:
+  ansible.builtin.assert:
    that:
      - >-
        error_1 is failed and "The input for the community.crypto.to_serial filter must not be negative" in error_1.msg
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info }}
    result_idna: >-
@@ -13,7 +13,7 @@
      {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info(name_encoding='unicode') }}
 - name: Check whether issuer and subject and extensions behave as expected
-  assert:
+  ansible.builtin.assert:
    that:
      - result.issuer.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
@@ -72,7 +72,7 @@
      - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
@@ -89,17 +89,17 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/cert_2.pem') | community.crypto.x509_certificate_info }}
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/cert_3.pem') | community.crypto.x509_certificate_info }}
 - name: Check AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -111,12 +111,12 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', remote_tmp_dir ~ '/cert_4.pem') | community.crypto.x509_certificate_info }}
 - name: Check AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
@@ -124,11 +124,11 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Get certificate info for packaged cert 1
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ lookup('file', role_path ~ '/../x509_certificate_info/files/cert1.pem') | community.crypto.x509_certificate_info }}
 - name: Check extensions
-  assert:
+  ansible.builtin.assert:
    that:
      - "'ocsp_uri' in result"
      - "result.ocsp_uri == 'http://ocsp.foobarbaz.example.com'"
@@ -165,59 +165,59 @@
      - result.extensions_by_oid['2.5.29.37'].critical == false
      - result.extensions_by_oid['2.5.29.37'].value == 'MBQGCCsGAQUFBwMBBggrBgEFBQcDAg=='
 - name: Check fingerprints
-  assert:
+  ansible.builtin.assert:
    that:
      - (result.fingerprints.sha256 == '08:26:60:3d:29:11:f2:88:09:3f:40:71:bb:67:cb:59:9c:6e:cf:e0:49:22:ab:e8:60:bd:f6:9a:01:e3:0e:2c' if result.fingerprints.sha256 is defined else true)
      - (result.fingerprints.sha1 == '5a:32:7f:22:61:f3:2e:ad:a7:d8:77:07:1c:7f:08:cd:ab:7f:bc:11' if result.fingerprints.sha1 is defined else true)
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ [] | community.crypto.x509_certificate_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The community.crypto.x509_certificate_info input must be a text type, not ")
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.x509_certificate_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("Unable to load (?:certificate|PEM file)(?:\.|$)")
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.x509_certificate_info(name_encoding=[]) }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be of a text type, not ")
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'bar' | community.crypto.x509_certificate_info(name_encoding='foo') }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
@@ -9,24 +9,24 @@
 ####################################################################
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
    name: idna
    state: present
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -97,7 +97,7 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: hunter2
@@ -106,7 +106,7 @@
      - "CA:TRUE"
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_3.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
@@ -124,14 +124,14 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
    authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 - name: Generate selfsigned certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
    path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem'
    csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
@@ -146,5 +146,5 @@
    - 4
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.6', '>=')
--- a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create CRL 1
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
@@ -23,17 +23,17 @@
        revocation_date: 20191001000000Z
 - name: Retrieve CRL 1 infos
-  set_fact:
+  ansible.builtin.set_fact:
    crl_1_info_1: >-
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | community.crypto.x509_crl_info }}
 - name: Retrieve CRL 1 infos
-  set_fact:
+  ansible.builtin.set_fact:
    crl_1_info_2: >-
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | b64encode | community.crypto.x509_crl_info }}
 - name: Validate CRL 1 info
-  assert:
+  ansible.builtin.assert:
    that:
      - crl_1_info_1.format == 'pem'
      - crl_1_info_1.digest == 'ecdsa-with-SHA256'
@@ -70,7 +70,7 @@
      - crl_1_info_1 == crl_1_info_2
 - name: Recreate CRL 1 as DER file
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
@@ -90,7 +90,7 @@
        revocation_date: 20191001000000Z
 - name: Read ca-crl1.crl
-  slurp:
+  ansible.builtin.slurp:
    src: "{{ remote_tmp_dir }}/ca-crl1.crl"
  register: content
@@ -102,19 +102,19 @@
  when: ansible_version.string is version('2.11', '>=') or ansible_python.version.major > 2
 - name: Retrieve CRL 1 infos from DER (Base64 encoded)
-  set_fact:
+  ansible.builtin.set_fact:
    crl_1_info_5: >-
      {{ content.content | community.crypto.x509_crl_info }}
 - name: Validate CRL 1
-  assert:
+  ansible.builtin.assert:
    that:
      - crl_1_info_4 is not defined or crl_1_info_4.format == 'der'
      - crl_1_info_5.format == 'der'
      - crl_1_info_4 is not defined or crl_1_info_4 == crl_1_info_5
 - name: Create CRL 2
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
@@ -135,12 +135,12 @@
  register: crl_2_change
 - name: Retrieve CRL 2 infos
-  set_fact:
+  ansible.builtin.set_fact:
    crl_2_info_1: >-
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }}
 - name: Create CRL 2 (changed order)
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
@@ -161,12 +161,12 @@
  register: crl_2_change_order
 - name: Retrieve CRL 2 infos again
-  set_fact:
+  ansible.builtin.set_fact:
    crl_2_info_2: >-
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }}
 - name: Validate CRL 2 info
-  assert:
+  ansible.builtin.assert:
    that:
      - "'revoked_certificates' not in crl_2_info_1"
      - >
@@ -185,7 +185,7 @@
        ]
 - name: Create CRL 3
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
@@ -215,7 +215,7 @@
  register: crl_3
 - name: Create CRL 3 (IDNA encoding)
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
@@ -240,7 +240,7 @@
  register: crl_3_idna
 - name: Create CRL 3 (Unicode encoding)
-  x509_crl:
+  community.crypto.x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
@@ -265,7 +265,7 @@
  register: crl_3_unicode
 - name: Retrieve CRL 3 infos
-  set_fact:
+  ansible.builtin.set_fact:
    crl_3_info: >-
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true) }}
    crl_3_info_idna: >-
@@ -274,73 +274,73 @@
      {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true, name_encoding='unicode') }}
 - name: Validate CRL 3 info
-  assert:
+  ansible.builtin.assert:
    that:
      - crl_3.revoked_certificates == crl_3_info.revoked_certificates
      - crl_3_idna.revoked_certificates == crl_3_info_idna.revoked_certificates
      - crl_3_unicode.revoked_certificates == crl_3_info_unicode.revoked_certificates
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ [] | community.crypto.x509_crl_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The community.crypto.x509_crl_info input must be a text type, not ")
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.x509_crl_info }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("Error while decoding CRL")
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'foo' | community.crypto.x509_crl_info(name_encoding=[]) }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be of a text type, not ")
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'bar' | community.crypto.x509_crl_info(name_encoding='foo') }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")
 - name: Get invalid list_revoked_certificates parameter
-  set_fact:
+  ansible.builtin.set_fact:
    result: >-
      {{ 'bar' | community.crypto.x509_crl_info(list_revoked_certificates=[]) }}
  ignore_errors: true
  register: output
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
    that:
      - output is failed
      - output.msg is search("The list_revoked_certificates option must be a boolean, not ")
--- a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml
+++ b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml
@@ -9,11 +9,11 @@
 ####################################################################
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
    name: idna
    state: present
- set_fact:
+- ansible.builtin.set_fact:
    certificates:
      - name: ca
        subject:
@@ -39,14 +39,14 @@
          - DNS:b64.ansible.com
 - name: Generate private keys
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
    type: ECC
    curve: secp256r1
  loop: "{{ certificates }}"
 - name: Generate CSRs
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
    subject: "{{ item.subject | default(omit) }}"
@@ -56,7 +56,7 @@
  loop: "{{ certificates }}"
 - name: Generate CA certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
    path: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
    csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
    privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
@@ -65,7 +65,7 @@
  when: item.is_ca | default(false)
 - name: Generate other certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
    path: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
    csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
    provider: ownca
@@ -75,7 +75,7 @@
  when: not (item.is_ca | default(false))
 - name: Get certificate infos
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
    path: '{{ remote_tmp_dir }}/{{ item }}.pem'
  loop:
    - cert-1
@@ -86,6 +86,6 @@
 - block:
    - name: Running tests
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.2', '>=')
--- a/tests/integration/targets/get_certificate/tasks/main.yml
+++ b/tests/integration/targets/get_certificate/tasks/main.yml
@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    skip_tests: false
    has_get_certificate_chain: >-
      {{ ansible_facts.python_version is version('3.10.0', '>=') }}
@@ -16,14 +16,14 @@
 - block:
    - name: Get servers certificate with backend auto-detection
-      get_certificate:
+      community.crypto.get_certificate:
        host: "{{ httpbin_host }}"
        port: 443
        asn1_base64: "{{ true if ansible_version.full is version('2.18', '>=') else omit }}"
      ignore_errors: true
      register: result
-    - set_fact:
+    - ansible.builtin.set_fact:
        skip_tests: |
          {{
            result is failed and (
@@ -33,7 +33,7 @@
            )
          }}
-    - assert:
+    - ansible.builtin.assert:
        that:
          - result is success or skip_tests
@@ -41,7 +41,7 @@
 - block:
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
      vars:
        select_crypto_backend: cryptography
--- a/tests/integration/targets/get_certificate/tests/validate.yml
+++ b/tests/integration/targets/get_certificate/tests/validate.yml
@@ -4,16 +4,16 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Get servers certificate for SNI test part 1
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ httpbin_host }}"
    port: 443
    server_name: "{{ sni_host }}"
    asn1_base64: true
  register: result
- debug: var=result
+- ansible.builtin.debug: var=result
- assert:
+- ansible.builtin.assert:
    that:
      # This module should never change anything
      - result is not changed
@@ -22,16 +22,16 @@
      - "'{{ sni_host }}' == result.subject.CN"
 - name: Get servers certificate for SNI test part 2
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ sni_host }}"
    port: 443
    server_name: "{{ httpbin_host }}"
    asn1_base64: true
  register: result
- debug: var=result
+- ansible.builtin.debug: var=result
- assert:
+- ansible.builtin.assert:
    that:
      # This module should never change anything
      - result is not changed
@@ -40,16 +40,16 @@
      - "'{{ httpbin_host }}' == result.subject.CN"
 - name: Get servers certificate
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ httpbin_host }}"
    port: 443
    select_crypto_backend: "{{ select_crypto_backend }}"
    asn1_base64: true
  register: result
- debug: var=result
+- ansible.builtin.debug: var=result
- assert:
+- ansible.builtin.assert:
    that:
      # This module should never change anything
      - result is not changed
@@ -58,7 +58,7 @@
      - "'North Carolina' == result.subject.ST"
 - name: Connect to http port (will fail because there is no SSL cert to get)
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ httpbin_host }}"
    port: 80
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -66,7 +66,7 @@
  register: result
  ignore_errors: true
- assert:
+- ansible.builtin.assert:
    that:
      - result is not changed
      - result is failed
@@ -78,7 +78,7 @@
        or 'record layer failure' in result.msg
 - name: Test timeout option
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ httpbin_host }}"
    port: 1234
    timeout: 1
@@ -87,7 +87,7 @@
  register: result
  ignore_errors: true
- assert:
+- ansible.builtin.assert:
    that:
      - result is not changed
      - result is failed
@@ -95,7 +95,7 @@
      - "'Failed to get cert from port with error: timed out' == result.msg or 'Connection refused' in result.msg"
 - name: Test failure if ca_cert is not a valid file
-  get_certificate:
+  community.crypto.get_certificate:
    host: "{{ httpbin_host }}"
    port: 443
    ca_cert: dn.e
@@ -104,7 +104,7 @@
  register: result
  ignore_errors: true
- assert:
+- ansible.builtin.assert:
    that:
      - result is not changed
      - result is failed
@@ -112,12 +112,12 @@
      - "'ca_cert file does not exist' == result.msg"
 - name: Download CA Cert as pem from server
-  get_url:
+  ansible.builtin.get_url:
    url: "http://ansible.http.tests/cacert.pem"
    dest: "{{ remote_tmp_dir }}/temp.pem"
 - name: Get servers certificate comparing it to its own ca_cert file
-  get_certificate:
+  community.crypto.get_certificate:
    ca_cert: '{{ remote_tmp_dir }}/temp.pem'
    host: "{{ httpbin_host }}"
    port: 443
@@ -126,19 +126,19 @@
    get_certificate_chain: "{{ has_get_certificate_chain }}"
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result is not changed
      - result is not failed
 - name: Read CA cert
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/temp.pem'
  register: cacert
  when: has_get_certificate_chain
 - name: Validate get_certificate_chain=true results
-  assert:
+  ansible.builtin.assert:
    that:
      - result.verified_chain is sequence
      - result.unverified_chain is sequence
@@ -149,20 +149,20 @@
  when: has_get_certificate_chain
 - name: Validate get_certificate_chain=false results
-  assert:
+  ansible.builtin.assert:
    that:
      - result.verified_chain is undefined
      - result.unverified_chain is undefined
  when: not has_get_certificate_chain
 - name: Generate bogus CA privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/bogus_ca.key'
    type: ECC
    curve: secp256r1
 - name: Generate bogus CA CSR
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/bogus_ca.csr'
    privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
    subject:
@@ -173,7 +173,7 @@
    basic_constraints_critical: true
 - name: Generate selfsigned bogus CA certificate
-  x509_certificate:
+  community.crypto.x509_certificate:
    path: '{{ remote_tmp_dir }}/bogus_ca.pem'
    csr_path: '{{ remote_tmp_dir }}/bogus_ca.csr'
    privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
@@ -181,7 +181,7 @@
    selfsigned_digest: sha256
 - name: Get servers certificate comparing it to an invalid ca_cert file
-  get_certificate:
+  community.crypto.get_certificate:
    ca_cert: '{{ remote_tmp_dir }}/bogus_ca.pem'
    host: "{{ httpbin_host }}"
    port: 443
@@ -190,7 +190,7 @@
  register: result
  ignore_errors: true
- assert:
+- ansible.builtin.assert:
    that:
      - result is not changed
      - result is failed
--- a/tests/integration/targets/luks_device/tasks/main.yml
+++ b/tests/integration/targets/luks_device/tasks/main.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: Copy keyfiles
-  copy:
+  ansible.builtin.copy:
    src: '{{ item }}'
    dest: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
@@ -17,7 +17,7 @@
    - keyfile2
 - name: Include OS-specific variables
-  include_vars: '{{ lookup("first_found", search) }}'
+  ansible.builtin.include_vars: '{{ lookup("first_found", search) }}'
  vars:
    search:
      files:
@@ -30,62 +30,62 @@
        - vars
 - name: Make sure cryptsetup is installed
-  package:
+  ansible.builtin.package:
    name: '{{ cryptsetup_package }}'
    state: present
  become: true
 - name: Install additionally required packages
-  package:
+  ansible.builtin.package:
    name: '{{ luks_extra_packages }}'
    state: present
  become: true
  when: luks_extra_packages | length > 0
 - name: Determine cryptsetup version
-  command: cryptsetup --version
+  ansible.builtin.command: cryptsetup --version
  register: cryptsetup_version
 - name: Extract cryptsetup version
-  set_fact:
+  ansible.builtin.set_fact:
    cryptsetup_version: >-
      {{ cryptsetup_version.stdout_lines[0] | regex_search('cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)') | split | last }}
 - name: Create cryptfile
-  command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
+  ansible.builtin.command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
 - name: Figure out next loopback device
-  command: losetup -f
+  ansible.builtin.command: losetup -f
  become: true
  register: cryptfile_device_output
 - name: Create lookback device
-  command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile
+  ansible.builtin.command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile
  become: true
 - name: Store some common data for tests
-  set_fact:
+  ansible.builtin.set_fact:
    cryptfile_device: "{{ cryptfile_device_output.stdout_lines[0] }}"
    cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE"
    cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M"
    cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"
 - block:
-    - include_tasks: run-test.yml
+    - ansible.builtin.include_tasks: run-test.yml
      with_fileglob:
        - "tests/*.yml"
  always:
    - name: Make sure LUKS device is gone
-      luks_device:
+      community.crypto.luks_device:
        device: "{{ cryptfile_device }}"
        state: absent
      become: true
      ignore_errors: true
-    - command: losetup -d "{{ cryptfile_device }}"
+    - ansible.builtin.command: losetup -d "{{ cryptfile_device }}"
      become: true
-    - file:
+    - ansible.builtin.file:
        dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"
        state: absent
--- a/tests/integration/targets/luks_device/tasks/run-test.yml
+++ b/tests/integration/targets/luks_device/tasks/run-test.yml
@@ -4,9 +4,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Make sure LUKS device is gone
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: absent
  become: true
 - name: "Loading tasks from {{ item }}"
-  include_tasks: "{{ item }}"
+  ansible.builtin.include_tasks: "{{ item }}"
--- a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -14,7 +14,7 @@
  become: true
  register: create_check
 - name: Create
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -23,7 +23,7 @@
  become: true
  register: create
 - name: Create (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -32,7 +32,7 @@
  become: true
  register: create_idem
 - name: Create (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -41,7 +41,7 @@
  check_mode: true
  become: true
  register: create_idem_check
- assert:
+- ansible.builtin.assert:
    that:
      - create_check is changed
      - create is changed
@@ -49,7 +49,7 @@
      - create_idem_check is not changed
 - name: Open (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -57,28 +57,28 @@
  become: true
  register: open_check
 - name: Open
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  register: open
 - name: Open (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  register: open_idem
 - name: Open (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  check_mode: true
  become: true
  register: open_idem_check
- assert:
+- ansible.builtin.assert:
    that:
      - open_check is changed
      - open is changed
@@ -86,32 +86,32 @@
      - open_idem_check is not changed
 - name: Closed (via name, check)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ open.name }}"
    state: closed
  check_mode: true
  become: true
  register: close_check
 - name: Closed (via name)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ open.name }}"
    state: closed
  become: true
  register: close
 - name: Closed (via name, idempotent)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ open.name }}"
    state: closed
  become: true
  register: close_idem
 - name: Closed (via name, idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ open.name }}"
    state: closed
  check_mode: true
  become: true
  register: close_idem_check
- assert:
+- ansible.builtin.assert:
    that:
      - close_check is changed
      - close is changed
@@ -119,39 +119,39 @@
      - close_idem_check is not changed
 - name: Re-open
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
 - name: Closed (via device, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  check_mode: true
  become: true
  register: close_check
 - name: Closed (via device)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
  register: close
 - name: Closed (via device, idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
  register: close_idem
 - name: Closed (via device, idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  check_mode: true
  become: true
  register: close_idem_check
- assert:
+- ansible.builtin.assert:
    that:
      - close_check is changed
      - close is changed
@@ -159,39 +159,39 @@
      - close_idem_check is not changed
 - name: Re-opened
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
 - name: Absent (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: absent
  check_mode: true
  become: true
  register: absent_check
 - name: Absent
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: absent
  become: true
  register: absent
 - name: Absent (idempotence)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: absent
  become: true
  register: absent_idem
 - name: Absent (idempotence, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: absent
  check_mode: true
  become: true
  register: absent_idem_check
- assert:
+- ansible.builtin.assert:
    that:
      - absent_check is changed
      - absent is changed
--- a/tests/integration/targets/luks_device/tasks/tests/cryptname.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/cryptname.yml
@@ -4,11 +4,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Fix name
-  set_fact:
+  ansible.builtin.set_fact:
    cryptname: "crypt{{ '%0x' % ((2**32) | random) }}"
 - name: Create
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    name: "{{ cryptname }}"
    state: present
@@ -18,7 +18,7 @@
  become: true
  register: create
 - name: Open
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    name: "{{ cryptname }}"
    state: opened
@@ -26,7 +26,7 @@
  become: true
  register: open
 - name: Open (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    name: "{{ cryptname }}"
    state: opened
@@ -34,25 +34,25 @@
  become: true
  register: open_idem
 - name: Closed (via name)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ cryptname }}"
    state: closed
  become: true
  register: close
 - name: Closed (via name, idempotent)
-  luks_device:
+  community.crypto.luks_device:
    name: "{{ cryptname }}"
    state: closed
  become: true
  register: close_idem
 - name: Absent
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    name: "{{ cryptname }}"
    state: absent
  become: true
  register: absent
- assert:
+- ansible.builtin.assert:
    that:
      - create is changed
      - open is changed
--- a/tests/integration/targets/luks_device/tasks/tests/device-check.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/device-check.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create with invalid device name (check)
-  luks_device:
+  community.crypto.luks_device:
    device: /dev/asdfasdfasdf
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
  become: true
  register: create_check
 - name: Create with invalid device name
-  luks_device:
+  community.crypto.luks_device:
    device: /dev/asdfasdfasdf
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -24,7 +24,7 @@
  ignore_errors: true
  become: true
  register: create
- assert:
+- ansible.builtin.assert:
    that:
      - create_check is failed
      - create is failed
@@ -32,7 +32,7 @@
      - "'o such file or directory' in create.msg"
 - name: Create with something which is not a device (check)
-  luks_device:
+  community.crypto.luks_device:
    device: /tmp/
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -43,7 +43,7 @@
  become: true
  register: create_check
 - name: Create with something which is not a device
-  luks_device:
+  community.crypto.luks_device:
    device: /tmp/
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -52,7 +52,7 @@
  ignore_errors: true
  become: true
  register: create
- assert:
+- ansible.builtin.assert:
    that:
      - create_check is failed
      - create is failed
--- a/tests/integration/targets/luks_device/tasks/tests/key-management.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/key-management.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create with keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,36 +15,36 @@
 # Access: keyfile1
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Give access to keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -55,7 +55,7 @@
  register: result_1
 - name: Give access to keyfile2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -63,7 +63,7 @@
  become: true
  register: result_2
- assert:
+- ansible.builtin.assert:
    that:
      - result_1 is changed
      - result_2 is not changed
@@ -71,28 +71,28 @@
 # Access: keyfile1 and keyfile2
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Dump LUKS header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
 - name: Remove access from keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -101,7 +101,7 @@
  register: result_1
 - name: Remove access from keyfile1 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -109,7 +109,7 @@
  become: true
  register: result_2
- assert:
+- ansible.builtin.assert:
    that:
      - result_1 is changed
      - result_2 is not changed
@@ -117,40 +117,40 @@
 # Access: keyfile2
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Dump LUKS header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
 - name: Remove access from keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -158,7 +158,7 @@
  become: true
  ignore_errors: true
  register: remove_last_key
- assert:
+- ansible.builtin.assert:
    that:
      - remove_last_key is failed
      - "'force_remove_last_key' in remove_last_key.msg"
@@ -166,24 +166,24 @@
 # Access: keyfile2
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Remove access from keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -194,13 +194,13 @@
 # Access: none
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
--- a/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create with keyfile3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ keyfile3 }}"
@@ -21,7 +21,7 @@
  register: create_passphrase_1
 - name: Create with keyfile3 (without argon2i)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ keyfile3 }}"
@@ -32,7 +32,7 @@
  when: create_passphrase_1 is failed
 - name: Open with keyfile3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ keyfile3 }}"
@@ -40,29 +40,29 @@
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Try to open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Give access to passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ keyfile3 }}"
@@ -73,7 +73,7 @@
  become: true
 - name: Remove access for keyfile3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_passphrase: "{{ keyfile3 }}"
@@ -81,25 +81,25 @@
  become: true
 - name: Try to open with keyfile3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ keyfile3 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
--- a/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create luks with keyslot 4 (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
  become: true
  register: create_luks_slot4_check
 - name: Create luks with keyslot 4
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -25,7 +25,7 @@
  become: true
  register: create_luks_slot4
 - name: Create luks with keyslot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -35,7 +35,7 @@
  become: true
  register: create_luks_slot4_idem
 - name: Create luks with keyslot 4 (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -46,10 +46,10 @@
  become: true
  register: create_luks_slot4_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
  register: luks_header_slot4
- assert:
+- ansible.builtin.assert:
    that:
      - create_luks_slot4_check is changed
      - create_luks_slot4 is changed
@@ -58,7 +58,7 @@
      - "'Key Slot 4: ENABLED' in luks_header_slot4.stdout or '4: luks2' in luks_header_slot4.stdout"
 - name: Add key in slot 2 (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -70,7 +70,7 @@
  become: true
  register: add_luks_slot2_check
 - name: Add key in slot 2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -81,7 +81,7 @@
  become: true
  register: add_luks_slot2
 - name: Add key in slot 2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -92,7 +92,7 @@
  become: true
  register: add_luks_slot2_idem
 - name: Add key in slot 2 (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -104,10 +104,10 @@
  become: true
  register: add_luks_slot2_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
  register: luks_header_slot2
- assert:
+- ansible.builtin.assert:
    that:
      - add_luks_slot2_check is changed
      - add_luks_slot2 is changed
@@ -116,27 +116,27 @@
      - "'Key Slot 2: ENABLED' in luks_header_slot2.stdout or '2: luks2' in luks_header_slot2.stdout"
 - name: Check remove slot 4 without key
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    remove_keyslot: 4
  ignore_errors: true
  become: true
  register: kill_slot4_nokey
 - name: Check remove slot 4 with slot 4 key
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    remove_keyslot: 4
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  ignore_errors: true
  become: true
  register: kill_slot4_key_slot4
- assert:
+- ansible.builtin.assert:
    that:
      - kill_slot4_nokey is failed
      - kill_slot4_key_slot4 is failed
 - name: Remove key in slot 4 (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
    remove_keyslot: 4
@@ -144,21 +144,21 @@
  become: true
  register: kill_luks_slot4_check
 - name: Remove key in slot 4
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
    remove_keyslot: 4
  become: true
  register: kill_luks_slot4
 - name: Remove key in slot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
    remove_keyslot: 4
  become: true
  register: kill_luks_slot4_idem
 - name: Remove key in slot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
    remove_keyslot: 4
@@ -166,10 +166,10 @@
  become: true
  register: kill_luks_slot4_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
  register: luks_header_slot4_removed
- assert:
+- ansible.builtin.assert:
    that:
      - kill_luks_slot4_check is changed
      - kill_luks_slot4 is changed
@@ -178,7 +178,7 @@
      - "'Key Slot 4: DISABLED' in luks_header_slot4_removed.stdout or not '4: luks' in luks_header_slot4_removed.stdout"
 - name: Add key in slot 0
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -189,17 +189,17 @@
  become: true
  register: add_luks_slot0
 - name: Remove key in slot 0
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    keyfile: "{{ remote_tmp_dir }}/keyfile2"
    remove_keyslot: 0
  become: true
  register: kill_luks_slot0
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
  become: true
  register: luks_header_slot0_removed
- assert:
+- ansible.builtin.assert:
    that:
      - add_luks_slot0 is changed
      - kill_luks_slot0 is changed
--- a/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create new luks
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -12,7 +12,7 @@
      iteration_time: 0.1
  become: true
 - name: Add new keyslot with same keyfile (check)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    new_keyslot: 1
@@ -23,7 +23,7 @@
  check_mode: true
  register: keyslot_duplicate_check
 - name: Add new keyslot with same keyfile
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    new_keyslot: 1
@@ -32,7 +32,7 @@
  become: true
  ignore_errors: true
  register: keyslot_duplicate
- assert:
+- ansible.builtin.assert:
    that:
      - keyslot_duplicate_check is failed
      - "'Trying to add key that is already present in another slot' in keyslot_duplicate_check.msg"
--- a/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Check invalid slot (luks1, 8)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    type: luks1
@@ -16,7 +16,7 @@
  become: true
  register: create_luks1_slot8
 - name: Check invalid slot (luks2, 32)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    type: luks2
@@ -28,7 +28,7 @@
  become: true
  register: create_luks2_slot32
 - name: Check invalid slot (no luks type, 8)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -38,14 +38,14 @@
  ignore_errors: true
  become: true
  register: create_luks_slot8
- assert:
+- ansible.builtin.assert:
    that:
      - create_luks1_slot8 is failed
      - create_luks2_slot32 is failed
      - create_luks_slot8 is failed
 - name: Check valid slot (luks2, 8)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    type: luks2
@@ -57,12 +57,12 @@
  ignore_errors: true
  register: create_luks2_slot8
 - name: Make sure that the previous task only fails if LUKS2 is not supported
-  assert:
+  ansible.builtin.assert:
    that:
      - "'Unknown option --type' in create_luks2_slot8.msg"
  when: create_luks2_slot8 is failed
 - name: Check add valid slot (no luks type, 10)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -73,7 +73,7 @@
  become: true
  register: create_luks_slot10
  when: create_luks2_slot8 is changed
- assert:
+- ansible.builtin.assert:
    that:
      - create_luks_slot10 is changed
  when: create_luks2_slot8 is changed
--- a/tests/integration/targets/luks_device/tasks/tests/options.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/options.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create with keysize
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
  become: true
  register: create_with_keysize
 - name: Create with keysize (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -26,7 +26,7 @@
  become: true
  register: create_idem_with_keysize
 - name: Create with different keysize (idempotent since we do not update keysize)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -37,7 +37,7 @@
  become: true
  register: create_idem_with_diff_keysize
 - name: Create with ambiguous arguments
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: present
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -49,7 +49,7 @@
  become: true
  register: create_with_ambiguous
- assert:
+- ansible.builtin.assert:
    that:
      - create_with_keysize is changed
      - create_idem_with_keysize is not changed
--- a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Create with passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -20,13 +20,13 @@
  register: create_passphrase_1
 - name: Make sure that the previous task only fails if LUKS2 is not supported
-  assert:
+  ansible.builtin.assert:
    that:
      - "'Unknown option --type' in create_passphrase_1.msg"
  when: create_passphrase_1 is failed
 - name: Create with passphrase1 (without argon2i)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -36,7 +36,7 @@
  when: create_passphrase_1 is failed
 - name: Open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    # Encode passphrase with Base64 to test passphrase_encoding
@@ -45,17 +45,17 @@
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Give access with ambiguous new_ arguments
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -66,24 +66,24 @@
  become: true
  ignore_errors: true
  register: new_try
- assert:
+- ansible.builtin.assert:
    that:
      - new_try is failed
 - name: Try to open with passphrase2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase2 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Give access to passphrase2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -94,7 +94,7 @@
  register: result_1
 - name: Give access to passphrase2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -102,42 +102,42 @@
  become: true
  register: result_2
- assert:
+- ansible.builtin.assert:
    that:
      - result_1 is changed
      - result_2 is not changed
 - name: Open with passphrase2
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase2 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Give access to keyfile1 from passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
@@ -147,7 +147,7 @@
  become: true
 - name: Remove access with ambiguous remove_ arguments
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -155,29 +155,29 @@
  become: true
  ignore_errors: true
  register: remove_try
- assert:
+- ansible.builtin.assert:
    that:
      - remove_try is failed
 - name: Open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
 - name: Remove access for passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_passphrase: "{{ cryptfile_passphrase1 }}"
@@ -185,44 +185,44 @@
  register: result_1
 - name: Remove access for passphrase1 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_passphrase: "{{ cryptfile_passphrase1 }}"
  become: true
  register: result_2
- assert:
+- ansible.builtin.assert:
    that:
      - result_1 is changed
      - result_2 is not changed
 - name: Try to open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Try to open with passphrase3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase3 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is failed
 - name: Give access to passphrase3 from keyfile1
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -232,18 +232,18 @@
  become: true
 - name: Open with passphrase3
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase3 }}"
  become: true
  ignore_errors: true
  register: open_try
- assert:
+- ansible.builtin.assert:
    that:
      - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: true
--- a/tests/integration/targets/luks_device/tasks/tests/performance.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/performance.yml
@@ -6,7 +6,7 @@
 - name: On kernel >= 5.9 use performance flags
  block:
    - name: Create and open (check)
-      luks_device:
+      community.crypto.luks_device:
        device: "{{ cryptfile_device }}"
        state: opened
        keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -22,7 +22,7 @@
      become: true
      register: create_open_check
    - name: Create and open
-      luks_device:
+      community.crypto.luks_device:
        device: "{{ cryptfile_device }}"
        state: opened
        keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -37,7 +37,7 @@
      become: true
      register: create_open
    - name: Create and open (idempotent)
-      luks_device:
+      community.crypto.luks_device:
        device: "{{ cryptfile_device }}"
        state: opened
        keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -52,7 +52,7 @@
      become: true
      register: create_open_idem
    - name: Create and open (idempotent, check)
-      luks_device:
+      community.crypto.luks_device:
        device: "{{ cryptfile_device }}"
        state: present
        keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -67,7 +67,7 @@
      check_mode: true
      become: true
      register: create_open_idem_check
-    - assert:
+    - ansible.builtin.assert:
        that:
          - create_open_check is changed
          - create_open is changed
@@ -75,10 +75,10 @@
          - create_open_idem_check is not changed
    - name: Dump LUKS Header
-      command: "cryptsetup luksDump {{ cryptfile_device }}"
+      ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
      become: true
      register: luks_header
-    - assert:
+    - ansible.builtin.assert:
        that:
          - "'no-read-workqueue' in luks_header.stdout"
          - "'no-write-workqueue' in luks_header.stdout"
@@ -87,10 +87,10 @@
          - "'allow-discards' in luks_header.stdout"
    - name: Dump device mapper table
-      command: "dmsetup table {{ create_open.name }}"
+      ansible.builtin.command: "dmsetup table {{ create_open.name }}"
      become: true
      register: dm_table
-    - assert:
+    - ansible.builtin.assert:
        that:
          - "'no_read_workqueue' in dm_table.stdout"
          - "'no_write_workqueue' in dm_table.stdout"
@@ -99,7 +99,7 @@
          - "'allow_discards' in dm_table.stdout"
    - name: Closed and Removed
-      luks_device:
+      community.crypto.luks_device:
        name: "{{ cryptfile_device }}"
        state: absent
      become: true
--- a/tests/integration/targets/openssh_cert/tasks/main.yml
+++ b/tests/integration/targets/openssh_cert/tasks/main.yml
@@ -9,39 +9,39 @@
 ####################################################################
 - name: Declare global variables
-  set_fact:
+  ansible.builtin.set_fact:
    signing_key: '{{ remote_tmp_dir }}/id_key'
    public_key: '{{ remote_tmp_dir }}/id_key.pub'
    certificate_path: '{{ remote_tmp_dir }}/id_cert'
 - name: Generate keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ signing_key }}"
    type: rsa
    size: 1024
 - block:
    - name: Import idempotency tests
-      import_tasks: ../tests/idempotency.yml
+      ansible.builtin.import_tasks: ../tests/idempotency.yml
    - name: Import key_idempotency tests
-      import_tasks: ../tests/key_idempotency.yml
+      ansible.builtin.import_tasks: ../tests/key_idempotency.yml
    - name: Import options tests
-      import_tasks: ../tests/options_idempotency.yml
+      ansible.builtin.import_tasks: ../tests/options_idempotency.yml
    - name: Import regenerate tests
-      import_tasks: ../tests/regenerate.yml
+      ansible.builtin.import_tasks: ../tests/regenerate.yml
    - name: Import remove tests
-      import_tasks: ../tests/remove.yml
+      ansible.builtin.import_tasks: ../tests/remove.yml
  when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6")
 - name: Import ssh-agent tests
-  import_tasks: ../tests/ssh-agent.yml
+  ansible.builtin.import_tasks: ../tests/ssh-agent.yml
  when: openssh_version is version("7.6",">=")
 - name: Remove keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ signing_key }}"
    state: absent
--- a/tests/integration/targets/openssh_cert/tests/idempotency.yml
+++ b/tests/integration/targets/openssh_cert/tests/idempotency.yml
@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    test_cases:
      - test_name: Generate cert - force option (check_mode)
        force: true
@@ -253,7 +253,7 @@
        changed: true
 - name: Execute idempotency tests
-  openssh_cert:
+  community.crypto.openssh_cert:
    force: "{{ test_case.force | default(omit) }}"
    identifier: "{{ test_case.identifier | default(omit) }}"
    options: "{{ test_case.options | default(omit) }}"
@@ -275,7 +275,7 @@
    loop_var: test_case
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
    that:
      - result.changed == test_cases[index].changed
  loop: "{{ idempotency_test_output.results }}"
@@ -284,6 +284,6 @@
    loop_var: result
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
    path: "{{ certificate_path }}"
    state: absent
--- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
+++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
@@ -8,16 +8,16 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    new_signing_key: "{{ remote_tmp_dir }}/new_key"
    new_public_key: "{{ remote_tmp_dir }}/new_key.pub"
 - name: Generate new test key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ new_signing_key }}"
 - name: Generate cert with original keys
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -27,7 +27,7 @@
 - block:
    - name: Generate cert with updated signature algorithm
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        path: "{{ certificate_path }}"
        public_key: "{{ public_key }}"
@@ -38,12 +38,12 @@
      register: updated_signature_algorithm
    - name: Assert signature algorithm update causes change
-      assert:
+      ansible.builtin.assert:
        that:
          - updated_signature_algorithm is changed
    - name: Generate cert with updated signature algorithm (idempotent)
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        path: "{{ certificate_path }}"
        public_key: "{{ public_key }}"
@@ -54,13 +54,13 @@
      register: updated_signature_algorithm_idempotent
    - name: Assert signature algorithm update is idempotent
-      assert:
+      ansible.builtin.assert:
        that:
          - updated_signature_algorithm_idempotent is not changed
    - block:
        - name: Generate cert with original signature algorithm
-          openssh_cert:
+          community.crypto.openssh_cert:
            type: user
            path: "{{ certificate_path }}"
            public_key: "{{ public_key }}"
@@ -71,7 +71,7 @@
          register: second_signature_algorithm
        - name: Assert second signature algorithm update causes change
-          assert:
+          ansible.builtin.assert:
            that:
              - second_signature_algorithm is changed
      # RHEL9, Fedora 41 and Rocky 9 disable the SHA-1 algorithms by default, making this test fail with a 'libcrypt' error.
@@ -81,7 +81,7 @@
        - not (ansible_facts['distribution'] == "Fedora" and (ansible_facts['distribution_major_version'] | int) >= 41)
    - name: Omit signature algorithm
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        path: "{{ certificate_path }}"
        public_key: "{{ public_key }}"
@@ -91,12 +91,12 @@
      register: omitted_signature_algorithm
    - name: Assert omitted_signature_algorithm does not cause change
-      assert:
+      ansible.builtin.assert:
        that:
          - omitted_signature_algorithm is not changed
    - name: Revert to original certificate
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        path: "{{ certificate_path }}"
        public_key: "{{ public_key }}"
@@ -107,7 +107,7 @@
  when: openssh_version is version("7.3", ">=")
 - name: Generate cert with new signing key
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -117,7 +117,7 @@
  register: new_signing_key_output
 - name: Generate cert with new public key
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ new_public_key }}"
@@ -127,7 +127,7 @@
  register: new_public_key_output
 - name: Generate cert with new signing key - full idempotency
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -138,7 +138,7 @@
  register: new_signing_key_full_idempotency_output
 - name: Generate cert with new pubic key - full idempotency
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ new_public_key }}"
@@ -149,7 +149,7 @@
  register: new_public_key_full_idempotency_output
 - name: Assert changes to public key or signing key results in no change unless idempotency=full
-  assert:
+  ansible.builtin.assert:
    that:
      - new_signing_key_output is not changed
      - new_public_key_output is not changed
@@ -157,11 +157,11 @@
      - new_public_key_full_idempotency_output is changed
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
    path: "{{ certificate_path }}"
    state: absent
 - name: Remove new keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ new_signing_key }}"
    state: absent
--- a/tests/integration/targets/openssh_cert/tests/options_idempotency.yml
+++ b/tests/integration/targets/openssh_cert/tests/options_idempotency.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: Generate cert with no options
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -22,7 +22,7 @@
  register: no_options
 - name: Generate cert with no options with explicit directives
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -39,7 +39,7 @@
  register: no_options_explicit_directives
 - name: Generate cert with explicit extension
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -53,7 +53,7 @@
  register: explicit_extension_before
 - name: Generate cert with explicit extension (idempotency)
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -67,7 +67,7 @@
  register: explicit_extension_after
 - name: Generate cert with explicit extension and corresponding directive
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -81,7 +81,7 @@
  register: explicit_extension_and_directive
 - name: Generate cert with default options
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -92,7 +92,7 @@
  register: default_options
 - name: Generate cert with relative timestamp
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -104,7 +104,7 @@
  register: relative_timestamp
 - name: Generate cert with ignore_timestamp true
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -117,7 +117,7 @@
  register: relative_timestamp_true
 - name: Generate cert with ignore_timestamp false
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -130,7 +130,7 @@
  register: relative_timestamp_false
 - name: Generate cert with ignore_timestamp true
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -143,7 +143,7 @@
  register: relative_timestamp_invalid_at
 - name: Generate host cert full_idempotence
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: host
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -153,7 +153,7 @@
    regenerate: full_idempotence
 - name: Generate host cert full_idempotence again
-  openssh_cert:
+  community.crypto.openssh_cert:
    type: host
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
@@ -164,7 +164,7 @@
  register: host_cert_full_idempotence
 - name: Assert options results
-  assert:
+  ansible.builtin.assert:
    that:
      - no_options is changed
      - no_options_explicit_directives is not changed
@@ -179,6 +179,6 @@
      - host_cert_full_idempotence is not changed
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
    path: "{{ certificate_path }}"
    state: absent
--- a/tests/integration/targets/openssh_cert/tests/regenerate.yml
+++ b/tests/integration/targets/openssh_cert/tests/regenerate.yml
@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    test_cases:
      - test_name: Generate certificate
        type: user
@@ -104,7 +104,7 @@
        changed: true
 - name: Execute regenerate tests
-  openssh_cert:
+  community.crypto.openssh_cert:
    force: "{{ test_case.force | default(omit) }}"
    options: "{{ test_case.options | default(omit) }}"
    path: "{{ test_case.path | default(omit) }}"
@@ -126,7 +126,7 @@
    loop_var: test_case
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
    that:
      - result.changed == test_cases[index].changed
  loop: "{{ regenerate_tests_output.results }}"
@@ -135,6 +135,6 @@
    loop_var: result
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
    path: "{{ certificate_path }}"
    state: absent
--- a/tests/integration/targets/openssh_cert/tests/remove.yml
+++ b/tests/integration/targets/openssh_cert/tests/remove.yml
@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    test_cases:
      - test_name: Generate certificate
        type: user
@@ -38,7 +38,7 @@
        changed: false
 - name: Execute remove tests
-  openssh_cert:
+  community.crypto.openssh_cert:
    options: "{{ test_case.options | default(omit) }}"
    path: "{{ test_case.path | default(omit) }}"
    public_key: "{{ test_case.public_key | default(omit) }}"
@@ -57,7 +57,7 @@
    loop_var: test_case
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
    that:
      - result.changed == test_cases[index].changed
  loop: "{{ remove_test_output.results }}"
--- a/tests/integration/targets/openssh_cert/tests/ssh-agent.yml
+++ b/tests/integration/targets/openssh_cert/tests/ssh-agent.yml
@@ -14,7 +14,7 @@
  block:
    - name: Generate always valid cert using agent without key in agent (should fail)
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        signing_key: "{{ signing_key }}"
        public_key: "{{ public_key }}"
@@ -26,16 +26,16 @@
      ignore_errors: true
    - name: Make sure cert creation with agent fails if key not in agent
-      assert:
+      ansible.builtin.assert:
        that:
          - rc_no_key_in_agent is failed
          - "'agent contains no identities' in rc_no_key_in_agent.msg or 'not found in agent' in rc_no_key_in_agent.msg"
    - name: Add key to agent
-      command: 'ssh-add {{ signing_key }}'
+      ansible.builtin.command: 'ssh-add {{ signing_key }}'
    - name: Generate always valid cert with agent (check mode)
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        signing_key: "{{ signing_key }}"
        public_key: "{{ public_key }}"
@@ -46,7 +46,7 @@
      check_mode: true
    - name: Generate always valid cert with agent
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        signing_key: "{{ signing_key }}"
        public_key: "{{ public_key }}"
@@ -56,7 +56,7 @@
        valid_to: forever
    - name: Generate always valid cert with agent (idempotent)
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        signing_key: "{{ signing_key }}"
        public_key: "{{ public_key }}"
@@ -67,13 +67,13 @@
      register: rc_cert_with_agent_idempotent
    - name: Check agent idempotency
-      assert:
+      ansible.builtin.assert:
        that:
          - rc_cert_with_agent_idempotent is not changed
        msg: OpenSSH certificate generation without serial number is idempotent.
    - name: Generate always valid cert with agent (idempotent, check mode)
-      openssh_cert:
+      community.crypto.openssh_cert:
        type: user
        signing_key: "{{ signing_key }}"
        public_key: "{{ public_key }}"
@@ -84,6 +84,6 @@
      check_mode: true
    - name: Remove certificate
-      openssh_cert:
+      community.crypto.openssh_cert:
        state: absent
        path: '{{ remote_tmp_dir }}/id_cert_with_agent'
--- a/tests/integration/targets/openssh_keypair/tasks/main.yml
+++ b/tests/integration/targets/openssh_keypair/tasks/main.yml
@@ -9,42 +9,42 @@
 ####################################################################
 - name: Backend auto-detection test
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/auto_backend_key'
    state: "{{ item }}"
  loop: ['present', 'absent']
- set_fact:
+- ansible.builtin.set_fact:
    backends: ['opensshbin']
- set_fact:
+- ansible.builtin.set_fact:
    backends: "{{ backends + ['cryptography'] }}"
  when: cryptography_version.stdout is version('3.0', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
- include_tasks: ../tests/core.yml
+- ansible.builtin.include_tasks: ../tests/core.yml
  loop: "{{ backends }}"
  loop_control:
    loop_var: backend
- include_tasks: ../tests/invalid.yml
+- ansible.builtin.include_tasks: ../tests/invalid.yml
  loop: "{{ backends }}"
  loop_control:
    loop_var: backend
- include_tasks: ../tests/options.yml
+- ansible.builtin.include_tasks: ../tests/options.yml
  loop: "{{ backends }}"
  loop_control:
    loop_var: backend
- include_tasks: ../tests/regenerate.yml
+- ansible.builtin.include_tasks: ../tests/regenerate.yml
  loop: "{{ backends }}"
  loop_control:
    loop_var: backend
- include_tasks: ../tests/state.yml
+- ansible.builtin.include_tasks: ../tests/state.yml
  loop: "{{ backends }}"
  loop_control:
    loop_var: backend
- include_tasks: ../tests/cryptography_backend.yml
+- ansible.builtin.include_tasks: ../tests/cryptography_backend.yml
  when: cryptography_version.stdout is version('3.0', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
--- a/tests/integration/targets/openssh_keypair/tests/core.yml
+++ b/tests/integration/targets/openssh_keypair/tests/core.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: "({{ backend }}) Generate key (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/core"
    size: 1280
    backend: "{{ backend }}"
@@ -17,14 +17,14 @@
  check_mode: true
 - name: "({{ backend }}) Generate key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/core"
    size: 1280
    backend: "{{ backend }}"
  register: core_output
 - name: "({{ backend }}) Generate key (check mode idempotent)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/core"
    size: 1280
    backend: "{{ backend }}"
@@ -32,18 +32,18 @@
  check_mode: true
 - name: "({{ backend }}) Generate key (idempotent)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/core'
    size: 1280
    backend: "{{ backend }}"
  register: idempotency_core_output
 - name: "({{ backend }}) Log key return values"
-  debug:
+  ansible.builtin.debug:
    msg: "{{ core_output }}"
 - name: "({{ backend }}) Assert core behavior"
-  assert:
+  ansible.builtin.assert:
    that:
      - check_core_output is changed
      - core_output is changed
@@ -52,7 +52,7 @@
      - idempotency_core_output is not changed
 - name: "({{ backend }}) Assert key returns fingerprint"
-  assert:
+  ansible.builtin.assert:
    that:
      - core_output['fingerprint'] is string
      - core_output['fingerprint'].startswith('SHA256:')
@@ -60,44 +60,44 @@
  when: not (backend == 'opensshbin' and openssh_version is version('6.8', '<'))
 - name: "({{ backend }}) Assert key returns public_key"
-  assert:
+  ansible.builtin.assert:
    that:
      - core_output['public_key'] is string
      - core_output['public_key'].startswith('ssh-rsa ')
 - name: "({{ backend }}) Assert key returns size value"
-  assert:
+  ansible.builtin.assert:
    that:
      - core_output['size']|type_debug == 'int'
      - core_output['size'] == 1280
 - name: "({{ backend }}) Assert key returns key type"
-  assert:
+  ansible.builtin.assert:
    that:
      - core_output['type'] is string
      - core_output['type'] == 'rsa'
 - name: "({{ backend }}) Retrieve key size from 'ssh-keygen'"
-  shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'"
+  ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'"
  register: core_size_ssh_keygen
 - name: "({{ backend }}) Assert key size matches 'ssh-keygen' output"
-  assert:
+  ansible.builtin.assert:
    that:
      - core_size_ssh_keygen.stdout == '1280'
 - name: "({{ backend }}) Read core.pub"
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/core.pub'
  register: slurp
 - name: "({{ backend }}) Assert public key module return equal to the public key content"
-  assert:
+  ansible.builtin.assert:
    that:
      - "core_output.public_key == (slurp.content | b64decode).strip('\n ')"
 - name: "({{ backend }}) Remove key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/core'
    backend: "{{ backend }}"
    state: absent
--- a/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml
+++ b/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml
@@ -4,10 +4,10 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: Generate a password protected key
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}'
 - name: Modify the password protected key with passphrase
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/password_protected'
    size: 1024
    passphrase: "{{ passphrase }}"
@@ -15,7 +15,7 @@
  register: password_protected_output
 - name: Check password protected key idempotency
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/password_protected'
    size: 1024
    passphrase: "{{ passphrase }}"
@@ -23,29 +23,29 @@
  register: password_protected_idempotency_output
 - name: Ensure that ssh-keygen can read keys generated with passphrase
-  command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}'
  register: password_protected_ssh_keygen_output
 - name: Check that password protected key with passphrase was regenerated
-  assert:
+  ansible.builtin.assert:
    that:
      - password_protected_output is changed
      - password_protected_idempotency_output is not changed
      - password_protected_ssh_keygen_output is success
 - name: Remove password protected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/password_protected'
    backend: cryptography
    state: absent
 - name: Generate an unprotected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/unprotected'
    backend: cryptography
 - name: Modify unprotected key with passphrase
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/unprotected'
    size: 1280
    passphrase: "{{ passphrase }}"
@@ -54,7 +54,7 @@
  register: unprotected_modification_output
 - name: Modify unprotected key with passphrase (force)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/unprotected'
    size: 1280
    passphrase: "{{ passphrase }}"
@@ -63,22 +63,22 @@
  register: force_unprotected_modification_output
 - name: Check that unprotected key was modified
-  assert:
+  ansible.builtin.assert:
    that:
      - unprotected_modification_output is failed
      - force_unprotected_modification_output is changed
 - name: Remove unprotected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/unprotected'
    backend: cryptography
    state: absent
 - name: Generate PEM encoded key with passphrase
-  command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM'
+  ansible.builtin.command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM'
 - name: Try to verify a PEM encoded key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/pem_encoded'
    passphrase: "{{ passphrase }}"
    backend: cryptography
@@ -86,84 +86,84 @@
  register: pem_encoded_output
 - name: Check that PEM encoded file is read without errors
-  assert:
+  ansible.builtin.assert:
    that:
      - pem_encoded_output is not changed
 - name: Remove PEM encoded key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/pem_encoded'
    backend: cryptography
    state: absent
 - name: Generate a private key with specified format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: pkcs1
    backend: cryptography
 - name: Generate a private key with specified format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: pkcs1
    backend: cryptography
  register: private_key_format_idempotent
 - name: Check that private key with specified format is idempotent
-  assert:
+  ansible.builtin.assert:
    that:
      - private_key_format_idempotent is not changed
 - name: Change to PKCS8 format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: pkcs8
    backend: cryptography
  register: private_key_format_pkcs8
 - name: Check that format change causes regeneration
-  assert:
+  ansible.builtin.assert:
    that:
      - private_key_format_pkcs8 is changed
 - name: Change to PKCS8 format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: pkcs8
    backend: cryptography
  register: private_key_format_pkcs8_idempotent
 - name: Check that private key with PKCS8 format is idempotent
-  assert:
+  ansible.builtin.assert:
    that:
      - private_key_format_pkcs8_idempotent is not changed
 - name: Change to SSH format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: ssh
    backend: cryptography
  register: private_key_format_ssh
 - name: Check that format change causes regeneration
-  assert:
+  ansible.builtin.assert:
    that:
      - private_key_format_ssh is changed
 - name: Change to SSH format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    private_key_format: ssh
    backend: cryptography
  register: private_key_format_ssh_idempotent
 - name: Check that private key with SSH format is idempotent
-  assert:
+  ansible.builtin.assert:
    that:
      - private_key_format_ssh_idempotent is not changed
 - name: Remove private key with specified format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/private_key_format'
    backend: cryptography
    state: absent
--- a/tests/integration/targets/openssh_keypair/tests/invalid.yml
+++ b/tests/integration/targets/openssh_keypair/tests/invalid.yml
@@ -9,7 +9,7 @@
 ####################################################################
 - name: "({{ backend }}) Generate key - broken"
-  copy:
+  ansible.builtin.copy:
    dest: '{{ item }}'
    content: ''
    mode: '0700'
@@ -18,91 +18,91 @@
    - "{{ remote_tmp_dir }}/broken.pub"
 - name: "({{ backend }}) Regenerate key - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/broken"
    backend: "{{ backend }}"
  register: broken_output
  ignore_errors: true
 - name: "({{ backend }}) Assert broken key causes failure - broken"
-  assert:
+  ansible.builtin.assert:
    that:
      - broken_output is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken.' in broken_output.msg"
 - name: "({{ backend }}) Regenerate key with force - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/broken"
    backend: "{{ backend }}"
    force: true
  register: force_broken_output
 - name: "({{ backend }}) Assert broken key regenerated when 'force=true' - broken"
-  assert:
+  ansible.builtin.assert:
    that:
      - force_broken_output is changed
 - name: "({{ backend }}) Remove key - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/broken"
    backend: "{{ backend }}"
    state: absent
 - name: "({{ backend }}) Generate key - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/write-only"
    mode: "0200"
    backend: "{{ backend }}"
 - name: "({{ backend }}) Check private key status - write-only"
-  stat:
+  ansible.builtin.stat:
    path: '{{ remote_tmp_dir }}/write-only'
  register: write_only_private_key
 - name: "({{ backend }}) Check public key status - write-only"
-  stat:
+  ansible.builtin.stat:
    path: '{{ remote_tmp_dir }}/write-only.pub'
  register: write_only_public_key
 - name: "({{ backend }}) Assert that private and public keys match permissions - write-only"
-  assert:
+  ansible.builtin.assert:
    that:
      - write_only_private_key.stat.mode == '0200'
      - write_only_public_key.stat.mode == '0200'
 - name: "({{ backend }}) Regenerate key with force - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/write-only"
    backend: "{{ backend }}"
    force: true
  register: write_only_output
 - name: "({{ backend }}) Check private key status after regeneration - write-only"
-  stat:
+  ansible.builtin.stat:
    path: '{{ remote_tmp_dir }}/write-only'
  register: write_only_private_key_after
 - name: "({{ backend }}) Assert key is regenerated - write-only"
-  assert:
+  ansible.builtin.assert:
    that:
      - write_only_output is changed
 - name: "({{ backend }}) Assert key permissions are preserved with 'opensshbin'"
-  assert:
+  ansible.builtin.assert:
    that:
      - write_only_private_key_after.stat.mode == '0200'
 - name: "({{ backend }}) Remove key - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/write-only"
    backend: "{{ backend }}"
    state: absent
 - name: "({{ backend }}) Generate key with ssh-keygen - password_protected"
-  command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}"
+  ansible.builtin.command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}"
 - name: "({{ backend }}) Modify key - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/password_protected"
    size: 1280
    backend: "{{ backend }}"
@@ -110,13 +110,13 @@
  ignore_errors: true
 - name: "({{ backend }}) Assert key cannot be read - password_protected"
-  assert:
+  ansible.builtin.assert:
    that:
      - password_protected_output is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken.' in password_protected_output.msg"
 - name: "({{ backend }}) Modify key with 'force=true' - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/password_protected"
    size: 1280
    backend: "{{ backend }}"
@@ -124,12 +124,12 @@
  register: force_password_protected_output
 - name: "({{ backend }}) Assert key regenerated with 'force=true' - password_protected"
-  assert:
+  ansible.builtin.assert:
    that:
      - force_password_protected_output is changed
 - name: "({{ backend }}) Remove key - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/password_protected"
    backend: "{{ backend }}"
    state: absent
--- a/tests/integration/targets/openssh_keypair/tests/options.yml
+++ b/tests/integration/targets/openssh_keypair/tests/options.yml
@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
- set_fact:
+- ansible.builtin.set_fact:
    key_types: "{{ key_types_src | reject('equalto', '') | list }}"
  vars:
    key_types_src:
@@ -17,61 +17,61 @@
      - ecdsa
 - name: "({{ backend }}) Generate keys with default size - size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/default_size_{{ item }}"
    type: "{{ item }}"
    backend: "{{ backend }}"
  loop: "{{ key_types }}"
 - name: "({{ backend }}) Retrieve key size from 'ssh-keygen' - size"
-  shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'"
+  ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'"
  loop: "{{ key_types }}"
  register: key_size_output
 - name: "({{ backend }}) Assert key sizes match default size - size"
-  assert:
+  ansible.builtin.assert:
    that:
      - (key_size_output.results | selectattr('item', 'equalto', 'rsa') | first).stdout == '4096'
      - not openssh_supports_dsa or (key_size_output.results | selectattr('item', 'equalto', 'dsa') | first).stdout == '1024'
      - (key_size_output.results | selectattr('item', 'equalto', 'ecdsa') | first).stdout == '256'
 - name: "({{ backend }}) Remove keys - size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/default_size_{{ item }}"
    state: absent
  loop: "{{ key_types }}"
 - block:
    - name: "({{ backend }}) Generate ed25519 key with default size - size"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
        path: "{{ remote_tmp_dir }}/default_size_ed25519"
        type: ed25519
        backend: "{{ backend }}"
    - name: "({{ backend }}) Retrieve ed25519 key size from 'ssh-keygen' - size"
-      shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'"
+      ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'"
      register: ed25519_key_size_output
    - name: "({{ backend }}) Assert ed25519 key size matches default size - size"
-      assert:
+      ansible.builtin.assert:
        that:
          - ed25519_key_size_output.stdout == '256'
    - name: "({{ backend }}) Remove ed25519 key - size"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
        path: "{{ remote_tmp_dir }}/default_size_ed25519"
        state: absent
  # Support for ed25519 keys was added in OpenSSH 6.5
  when: not (backend == 'opensshbin' and openssh_version is version('6.5', '<'))
 - name: "({{ backend }}) Generate key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/force"
    type: rsa
    backend: "{{ backend }}"
 - name: "({{ backend }}) Regenerate key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/force"
    type: rsa
    force: true
@@ -79,25 +79,25 @@
  register: force_output
 - name: "({{ backend }}) Assert key regenerated - force"
-  assert:
+  ansible.builtin.assert:
    that:
      - force_output is changed
 - name: "({{ backend }}) Remove key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/force"
    state: absent
    backend: "{{ backend }}"
 - name: "({{ backend }}) Generate key - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/comment"
    comment: "test@comment"
    backend: "{{ backend }}"
  register: comment_output
 - name: "({{ backend }}) Modify comment - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/comment"
    comment: "test_modified@comment"
    backend: "{{ backend }}"
@@ -106,13 +106,13 @@
 - name: "({{ backend }}) Assert comment preserved public key - comment"
  when: modified_comment_output is succeeded
-  assert:
+  ansible.builtin.assert:
    that:
      - comment_output.public_key == modified_comment_output.public_key
      - comment_output.comment == 'test@comment'
 - name: "({{ backend }}) Assert comment changed - comment"
-  assert:
+  ansible.builtin.assert:
    that:
      - modified_comment_output.comment == 'test_modified@comment'
      - modified_comment_output is succeeded
@@ -120,14 +120,14 @@
  when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<'))
 - name: "({{ backend }}) Assert comment not changed - comment"
-  assert:
+  ansible.builtin.assert:
    that:
      - modified_comment_output is failed
  # Support for updating comments for key types other than rsa1 was added in OpenSSH 7.2
  when: backend == 'opensshbin' and openssh_version is version('7.2', '<')
 - name: "({{ backend }}) Remove key - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: "{{ remote_tmp_dir }}/comment"
    state: absent
    backend: "{{ backend }}"
--- a/tests/integration/targets/openssh_keypair/tests/regenerate.yml
+++ b/tests/integration/targets/openssh_keypair/tests/regenerate.yml
@@ -23,7 +23,7 @@
  loop: "{{ old_test_artifacts.files }}"
 - name: "({{ backend }}) Regenerate - setup simple keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
    type: rsa
    size: 1024
@@ -31,11 +31,11 @@
    regenerate: "{{ item }}"
  loop: "{{ regenerate_values }}"
 - name: "({{ backend }}) Regenerate - setup password protected keys"
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}'
  loop: "{{ regenerate_values }}"
 - name: "({{ backend }}) Regenerate - setup broken keys"
-  copy:
+  ansible.builtin.copy:
    dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item.0 }}{{ item.1 }}'
    content: 'broken key'
    mode: '0700'
@@ -44,11 +44,11 @@
    - ['', '.pub']
 - name: "({{ backend }}) Regenerate - setup password protected keys for passphrse test"
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}'
  loop: "{{ regenerate_values }}"
 - name: "({{ backend }}) Regenerate - modify broken keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}'
    type: rsa
    size: 1024
@@ -58,7 +58,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -70,7 +70,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - modify broken keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}'
    type: rsa
    size: 1024
@@ -79,7 +79,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -91,7 +91,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - modify password protected keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
    type: rsa
    size: 1024
@@ -101,7 +101,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -113,7 +113,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
    type: rsa
    size: 1024
@@ -126,7 +126,7 @@
  register: result
  when: backend == 'cryptography'
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is success
      - result.results[1] is failed
@@ -137,7 +137,7 @@
  when: backend == 'cryptography'
 - name: "({{ backend }}) Regenerate - modify password protected keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
    type: rsa
    size: 1024
@@ -146,7 +146,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -158,7 +158,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-d-{{ item }}'
    type: rsa
    size: 1024
@@ -170,7 +170,7 @@
  register: result
  when: backend == 'cryptography'
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is success
      - result.results[1] is failed
@@ -181,7 +181,7 @@
  when: backend == 'cryptography'
 - name: "({{ backend }}) Regenerate - not modify regular keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
    type: rsa
    size: 1024
@@ -190,7 +190,7 @@
  check_mode: true
  loop: "{{ regenerate_values }}"
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is not changed
      - result.results[1] is not changed
@@ -199,7 +199,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - not modify regular keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
    type: rsa
    size: 1024
@@ -207,7 +207,7 @@
    backend: "{{ backend }}"
  loop: "{{ regenerate_values }}"
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is not changed
      - result.results[1] is not changed
@@ -216,7 +216,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - adjust key size (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
    type: rsa
    size: 1048
@@ -226,7 +226,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is success and result.results[0] is not changed
      - result.results[1] is failed
@@ -236,7 +236,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - adjust key size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
    type: rsa
    size: 1048
@@ -245,7 +245,7 @@
  loop: "{{ regenerate_values }}"
  ignore_errors: true
  register: result
- assert:
+- ansible.builtin.assert:
    that:
      - result.results[0] is success and result.results[0] is not changed
      - result.results[1] is failed
@@ -255,7 +255,7 @@
      - result.results[4] is changed
 - name: "({{ backend }}) Regenerate - redistribute keys"
-  copy:
+  ansible.builtin.copy:
    src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}'
    dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}'
    remote_src: true
@@ -270,7 +270,7 @@
  block:
    - name: "({{ backend }}) Regenerate - adjust key type (check mode)"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
        path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
        type: '{{ ssh_type }}'
        size: '{{ ssh_size }}'
@@ -280,7 +280,7 @@
      loop: "{{ regenerate_values }}"
      ignore_errors: true
      register: result
-    - assert:
+    - ansible.builtin.assert:
        that:
          - result.results[0] is success and result.results[0] is not changed
          - result.results[1] is failed
@@ -290,7 +290,7 @@
          - result.results[4] is changed
    - name: "({{ backend }}) Regenerate - adjust key type"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
        path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
        type: '{{ ssh_type }}'
        size: '{{ ssh_size }}'
@@ -299,7 +299,7 @@
      loop: "{{ regenerate_values }}"
      ignore_errors: true
      register: result
-    - assert:
+    - ansible.builtin.assert:
        that:
          - result.results[0] is success and result.results[0] is not changed
          - result.results[1] is failed
@@ -309,7 +309,7 @@
          - result.results[4] is changed
    - name: "({{ backend }}) Regenerate - redistribute keys"
-      copy:
+      ansible.builtin.copy:
        src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}'
        dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}'
        remote_src: true
@@ -319,7 +319,7 @@
      when: "item.0 != 'always'"
    - name: "({{ backend }}) Regenerate - adjust comment (check mode)"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
        path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
        type: '{{ ssh_type }}'
        size: '{{ ssh_size }}'
@@ -330,7 +330,7 @@
      loop: "{{ regenerate_values }}"
      ignore_errors: true
      register: result
-    - assert:
+    - ansible.builtin.assert:
        that:
          - result is changed
@@ -338,7 +338,7 @@
    - when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<'))
      block:
        - name: "({{ backend }}) Regenerate - adjust comment"
-          openssh_keypair:
+          community.crypto.openssh_keypair:
            path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
            type: '{{ ssh_type }}'
            size: '{{ ssh_size }}'
@@ -347,7 +347,7 @@
            backend: "{{ backend }}"
          loop: "{{ regenerate_values }}"
          register: result
-        - assert:
+        - ansible.builtin.assert:
            that:
              - result is changed
              # for all values but 'always', the key should not be regenerated.
--- a/tests/integration/targets/openssh_keypair/tests/state.yml
+++ b/tests/integration/targets/openssh_keypair/tests/state.yml
@@ -9,41 +9,41 @@
 ####################################################################
 - name: "({{ backend }}) Generate key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/removed'
    backend: "{{ backend }}"
    state: present
 - name: "({{ backend }}) Generate key (idempotency)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    path: '{{ remote_tmp_dir }}/removed'
    backend: "{{ backend }}"
    state: present
 - name: "({{ backend }}) Remove key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    state: absent
    path: '{{ remote_tmp_dir }}/removed'
    backend: "{{ backend }}"
 - name: "({{ backend }}) Remove key (idempotency)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
    state: absent
    path: '{{ remote_tmp_dir }}/removed'
    backend: "{{ backend }}"
 - name: "({{ backend }}) Check private key status"
-  stat:
+  ansible.builtin.stat:
    path: '{{ remote_tmp_dir }}/removed'
  register: removed_private_key
 - name: "({{ backend }}) Check public key status"
-  stat:
+  ansible.builtin.stat:
    path: '{{ remote_tmp_dir }}/removed.pub'
  register: removed_public_key
 - name: "({{ backend }}) Assert key pair files are removed"
-  assert:
+  ansible.builtin.assert:
    that:
      - not removed_private_key.stat.exists
      - not removed_public_key.stat.exists
--- a/tests/integration/targets/openssl_csr/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr/tasks/impl.yml
@@ -4,17 +4,17 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: "({{ select_crypto_backend }}) Generate privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'
 - name: "({{ select_crypto_backend }}) Read privatekey"
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/privatekey.pem'
  register: privatekey
 - name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -25,7 +25,7 @@
  register: generate_csr_check
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -35,7 +35,7 @@
  register: generate_csr
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
    privatekey_content: '{{ privatekey.content | b64decode }}'
    subject_ordered:
@@ -45,7 +45,7 @@
  register: generate_csr_idempotent
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -56,7 +56,7 @@
  register: generate_csr_idempotent_check
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr-nosan.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -67,7 +67,7 @@
  register: generate_csr_nosan_check
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr-nosan.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -77,7 +77,7 @@
  register: generate_csr_nosan
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr-nosan.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -87,7 +87,7 @@
  register: generate_csr_nosan_check_idempotent
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr-nosan.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -102,7 +102,7 @@
 # but the short name is used to test idempotency for ipsecuser
 # and vice-versa for biometricInfo
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -118,7 +118,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -135,7 +135,7 @@
  register: csr_ku_xku
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -151,7 +151,7 @@
  register: csr_ku_xku_change
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -166,14 +166,14 @@
  register: csr_ku_xku_change_2
 - name: "({{ select_crypto_backend }}) Generate CSR with old API"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_oldapi.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    commonName: www.ansible.com
    select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csrinvsan.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_alt_name: invalid-san.example.com
@@ -182,7 +182,7 @@
  ignore_errors: true
 - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csrinvsan2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_alt_name: "DNS:system:kube-controller-manager"
@@ -191,7 +191,7 @@
  ignore_errors: true
 - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ocsp.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_alt_name: "DNS:www.ansible.com"
@@ -199,7 +199,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ocsp.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_alt_name: "DNS:www.ansible.com"
@@ -208,13 +208,13 @@
  register: csr_ocsp_idempotency
 - name: "({{ select_crypto_backend }}) Generate ECC privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey2.pem'
    type: ECC
    curve: secp384r1
 - name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    subject:
@@ -222,7 +222,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate CSR with text common name"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr3.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    subject:
@@ -231,7 +231,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate CSR with country name"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    country_name: de
@@ -239,7 +239,7 @@
  register: country_idempotent_1
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    country_name: de
@@ -247,7 +247,7 @@
  register: country_idempotent_2
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    subject:
@@ -256,7 +256,7 @@
  register: country_idempotent_3
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    subject:
@@ -266,19 +266,19 @@
  ignore_errors: true
 - name: "({{ select_crypto_backend }}) Generate privatekey with password"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
    size: '{{ default_rsa_key_size }}'
 - name: "({{ select_crypto_backend }}) Read privatekey"
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/privatekeypw.pem'
  register: privatekeypw
 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: hunter2
@@ -286,7 +286,7 @@
  register: passphrase_1
 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase and private key content"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw.csr'
    privatekey_content: '{{ privatekeypw.content | b64decode }}'
    privatekey_passphrase: hunter2
@@ -294,7 +294,7 @@
  register: passphrase_1_content
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw1.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    privatekey_passphrase: hunter2
@@ -303,7 +303,7 @@
  register: passphrase_error_1
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: wrong_password
@@ -312,7 +312,7 @@
  register: passphrase_error_2
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw3.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
@@ -320,11 +320,11 @@
  register: passphrase_error_3
 - name: "({{ select_crypto_backend }}) Create broken CSR"
-  copy:
+  ansible.builtin.copy:
    dest: "{{ remote_tmp_dir }}/csrbroken.csr"
    content: "broken"
 - name: "({{ select_crypto_backend }}) Regenerate broken CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csrbroken.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
    subject:
@@ -334,7 +334,7 @@
  register: output_broken
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_backup.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -343,7 +343,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: csr_backup_1
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_backup.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -352,7 +352,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: csr_backup_2
 - name: "({{ select_crypto_backend }}) Generate CSR (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_backup.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -361,7 +361,7 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: csr_backup_3
 - name: "({{ select_crypto_backend }}) Generate CSR (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_backup.csr'
    state: absent
    backup: true
@@ -369,7 +369,7 @@
    return_content: true
  register: csr_backup_4
 - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_backup.csr'
    state: absent
    backup: true
@@ -377,7 +377,7 @@
  register: csr_backup_5
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -387,7 +387,7 @@
  register: subject_key_identifier_1
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -397,7 +397,7 @@
  register: subject_key_identifier_2
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -407,7 +407,7 @@
  register: subject_key_identifier_3
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -417,7 +417,7 @@
  register: subject_key_identifier_4
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -427,7 +427,7 @@
  register: subject_key_identifier_5
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_ski.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -436,7 +436,7 @@
  register: subject_key_identifier_6
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_aki.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -446,7 +446,7 @@
  register: authority_key_identifier_1
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_aki.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -456,7 +456,7 @@
  register: authority_key_identifier_2
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_aki.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -466,7 +466,7 @@
  register: authority_key_identifier_3
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_aki.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -475,7 +475,7 @@
  register: authority_key_identifier_4
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_acisn.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -488,7 +488,7 @@
  register: authority_cert_issuer_sn_1
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_acisn.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -501,7 +501,7 @@
  register: authority_cert_issuer_sn_2
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_acisn.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -514,7 +514,7 @@
  register: authority_cert_issuer_sn_3
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_acisn.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -527,7 +527,7 @@
  register: authority_cert_issuer_sn_4
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_acisn.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -535,7 +535,7 @@
  register: authority_cert_issuer_sn_5
 - name: "({{ select_crypto_backend }}) Generate CSR with everything"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_everything.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_ordered:
@@ -620,7 +620,7 @@
  register: everything_1
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_everything.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_ordered:
@@ -706,7 +706,7 @@
  register: everything_2
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_everything.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -792,7 +792,7 @@
  register: everything_3
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (not idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_everything.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject_ordered:
@@ -887,7 +887,7 @@
 - name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6)"
  block:
    - name: "({{ select_crypto_backend }}) Generate privatekeys"
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
        type: '{{ item }}'
      loop:
@@ -901,7 +901,7 @@
      block:
        - name: "({{ select_crypto_backend }}) Generate CSR"
-          openssl_csr:
+          community.crypto.openssl_csr:
            path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
            privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
            subject:
@@ -914,7 +914,7 @@
          ignore_errors: true
        - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-          openssl_csr:
+          community.crypto.openssl_csr:
            path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
            privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
            subject:
@@ -931,7 +931,7 @@
 - name: "({{ select_crypto_backend }}) CRL distribution endpoints (for cryptography >= 1.6)"
  block:
    - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
        subject:
@@ -953,7 +953,7 @@
      register: crl_distribution_endpoints_1
    - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (idempotence)"
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
        subject:
@@ -975,7 +975,7 @@
      register: crl_distribution_endpoints_2
    - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (change)"
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
        subject:
@@ -995,7 +995,7 @@
      register: crl_distribution_endpoints_3
    - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (no endpoints)"
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
        subject:
@@ -1004,7 +1004,7 @@
      register: crl_distribution_endpoints_4
    - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
        subject:
--- a/tests/integration/targets/openssl_csr/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr/tasks/main.yml
@@ -10,22 +10,22 @@
 - block:
    - name: Prepare private key for backend autodetection test
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
        path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
        size: '{{ default_rsa_key_size }}'
    - name: Run module with backend autodetection
-      openssl_csr:
+      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/csr_backend_selection.csr'
        privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
        subject:
          commonName: www.ansible.com
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
      vars:
        select_crypto_backend: cryptography
--- a/tests/integration/targets/openssl_csr/tests/validate.yml
+++ b/tests/integration/targets/openssl_csr/tests/validate.yml
@@ -4,25 +4,25 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
-  shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
  register: privatekey_modulus
 - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq"
  register: csr_cn
 - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr'
  register: csr_modulus
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_modulus.stdout == privatekey_modulus.stdout
 - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_check is changed
      - generate_csr is changed
@@ -30,12 +30,12 @@
      - generate_csr_idempotent_check is not changed
 - name: "({{ select_crypto_backend }}) Read CSR"
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/csr.csr'
  register: slurp
 - name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_check.csr is none
      - generate_csr.csr == (slurp.content | b64decode)
@@ -43,7 +43,7 @@
      - generate_csr.csr == generate_csr_idempotent_check.csr
 - name: "({{ select_crypto_backend }}) Validate CSR without SAN (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_nosan_check is changed
      - generate_csr_nosan is changed
@@ -51,28 +51,28 @@
      - generate_csr_nosan_check_idempotent_check is not changed
 - name: "({{ select_crypto_backend }}) Validate CSR_KU_XKU (assert idempotency, change)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_ku_xku is not changed
      - csr_ku_xku_change is changed
      - csr_ku_xku_change_2 is changed
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
  register: csr_oldapi_cn
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr'
  register: csr_oldapi_modulus
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_oldapi_modulus.stdout == privatekey_modulus.stdout
 - name: "({{ select_crypto_backend }}) Validate invalid SAN (1/2)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_invalid_san is failed
      - "'Subject Alternative Name' in generate_csr_invalid_san.msg"
@@ -87,49 +87,49 @@
  when: cryptography_version.stdout is version('2.0', '<')
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)"
-  shell: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text"
  register: csr_ocsp
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or
         (csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))"
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert idempotency)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_ocsp_idempotency is not changed
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)"
-  shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem'
  register: privatekey_ecc_key
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq"
  register: csr_ecc_cn
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)"
-  shell: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr'
  register: csr_ecc_pubkey
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout
 - name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq"
  register: csr3_cn
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
 - name: "({{ select_crypto_backend }}) Validate country name idempotency and validation"
-  assert:
+  ansible.builtin.assert:
    that:
      - country_idempotent_1 is changed
      - country_idempotent_2 is not changed
@@ -137,13 +137,13 @@
      - country_fail_4 is failed
 - name: "({{ select_crypto_backend }}) Validate idempotency of privatekey_passphrase"
-  assert:
+  ansible.builtin.assert:
    that:
      - passphrase_1 is changed
      - passphrase_1_content is not changed
 - name: "({{ select_crypto_backend }}) Validate private key passphrase errors"
-  assert:
+  ansible.builtin.assert:
    that:
      - passphrase_error_1 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
@@ -153,12 +153,12 @@
      - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
 - name: "({{ select_crypto_backend }}) Verify that broken CSR will be regenerated"
-  assert:
+  ansible.builtin.assert:
    that:
      - output_broken is changed
 - name: "({{ select_crypto_backend }}) Verify that subject key identifier handling works"
-  assert:
+  ansible.builtin.assert:
    that:
      - subject_key_identifier_1 is changed
      - subject_key_identifier_2 is not changed
@@ -168,7 +168,7 @@
      - subject_key_identifier_6 is changed
 - name: "({{ select_crypto_backend }}) Verify that authority key identifier handling works"
-  assert:
+  ansible.builtin.assert:
    that:
      - authority_key_identifier_1 is changed
      - authority_key_identifier_2 is not changed
@@ -176,7 +176,7 @@
      - authority_key_identifier_4 is changed
 - name: "({{ select_crypto_backend }}) Verify that authority cert issuer / serial number handling works"
-  assert:
+  ansible.builtin.assert:
    that:
      - authority_cert_issuer_sn_1 is changed
      - authority_cert_issuer_sn_2 is not changed
@@ -185,7 +185,7 @@
      - authority_cert_issuer_sn_5 is changed
 - name: "({{ select_crypto_backend }}) Check backup"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_backup_1 is changed
      - csr_backup_1.backup_file is undefined
@@ -200,7 +200,7 @@
      - csr_backup_4.csr is none
 - name: "({{ select_crypto_backend }}) Check CSR with everything"
-  assert:
+  ansible.builtin.assert:
    that:
      - everything_1 is changed
      - everything_2 is not changed
@@ -271,7 +271,7 @@
      - everything_info.name_constraints_critical == true
 - name: "({{ select_crypto_backend }}) Check CSR with everything"
-  assert:
+  ansible.builtin.assert:
    that:
      - everything_info.authority_cert_issuer == [
            "DNS:ca.example.org",
@@ -314,7 +314,7 @@
        ]
 - name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_ed25519_ed448.results[0] is failed
      - generate_csr_ed25519_ed448.results[1] is failed
@@ -325,7 +325,7 @@
  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and generate_csr_ed25519_ed448_privatekey is not failed
 - name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_ed25519_ed448 is succeeded
      - generate_csr_ed25519_ed448.results[0] is changed
@@ -336,7 +336,7 @@
  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and generate_csr_ed25519_ed448_privatekey is not failed
 - name: "({{ select_crypto_backend }}) Verify CRL distribution endpoints (for cryptography >= 1.6)"
-  assert:
+  ansible.builtin.assert:
    that:
      - crl_distribution_endpoints_1 is changed
      - crl_distribution_endpoints_2 is not changed
--- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml
@@ -3,31 +3,31 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
- debug:
+- ansible.builtin.debug:
    msg: "Executing tests with backend {{ select_crypto_backend }}"
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result
 - name: "({{ select_crypto_backend }}) Get CSR info (IDNA encoding)"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    name_encoding: idna
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result_idna
 - name: "({{ select_crypto_backend }}) Get CSR info (Unicode encoding)"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    name_encoding: unicode
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result_unicode
 - name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.subject.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
@@ -54,7 +54,7 @@
      - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 - name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
@@ -71,18 +71,18 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: "({{ select_crypto_backend }}) Read CSR"
-  slurp:
+  ansible.builtin.slurp:
    src: '{{ remote_tmp_dir }}/csr_1.csr'
  register: slurp
 - name: "({{ select_crypto_backend }}) Get CSR info directly"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    content: '{{ slurp.content | b64decode }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result_direct
 - name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
-  assert:
+  ansible.builtin.assert:
    that:
      - >-
        (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
@@ -90,19 +90,19 @@
        (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_2.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_3.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result
 - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -114,13 +114,13 @@
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_4.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result
 - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
--- a/tests/integration/targets/openssl_csr_info/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr_info/tasks/main.yml
@@ -9,24 +9,24 @@
 ####################################################################
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
    name: idna
    state: present
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
    size: '{{ default_rsa_key_size }}'
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -95,7 +95,7 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_2.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    privatekey_passphrase: hunter2
@@ -104,7 +104,7 @@
      - "CA:TRUE"
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_3.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
@@ -122,14 +122,14 @@
      - "IP:1.2.3.4"
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_4.csr'
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    useCommonNameForSAN: false
    authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 - name: Running tests with cryptography backend
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
  vars:
    select_crypto_backend: cryptography
  when: cryptography_version.stdout is version('1.3', '>=')
--- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - name: "({{ select_crypto_backend }}) Generate privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'
 - name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
      commonName: www.ansible.com
@@ -18,7 +18,7 @@
  register: generate_csr_check
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
      commonName: www.ansible.com
@@ -26,7 +26,7 @@
  register: generate_csr
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    content: "{{ generate_csr.csr }}"
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -35,7 +35,7 @@
  register: generate_csr_idempotent
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    content: "{{ generate_csr.csr }}"
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -45,7 +45,7 @@
  register: generate_csr_idempotent_check
 - name: "({{ select_crypto_backend }}) Generate CSR (changed)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    content: "{{ generate_csr.csr }}"
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -54,7 +54,7 @@
  register: generate_csr_changed
 - name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    content: "{{ generate_csr.csr }}"
    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
    subject:
@@ -64,29 +64,29 @@
  register: generate_csr_changed_check
 - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
-  shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
  register: privatekey_modulus
 - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
  args:
    stdin: "{{ generate_csr.csr }}"
  register: csr_cn
 - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
  args:
    stdin: "{{ generate_csr.csr }}"
  register: csr_modulus
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
    that:
      - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_modulus.stdout == privatekey_modulus.stdout
 - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
    that:
      - generate_csr_check is changed
      - generate_csr is changed
--- a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
@@ -9,18 +9,18 @@
 ####################################################################
 - name: Prepare private key for backend autodetection test
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
    size: '{{ default_rsa_key_size }}'
 - name: Run module with backend autodetection
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
    privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
    subject:
      commonName: www.ansible.com
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography
--- a/tests/integration/targets/openssl_dhparam/tasks/impl.yml
+++ b/tests/integration/targets/openssl_dhparam/tasks/impl.yml
@@ -6,7 +6,7 @@
 # The tests for this module generate unsafe parameters for testing purposes;
 # otherwise tests would be too slow. Use sizes of at least 2048 in production!
 - name: "[{{ select_crypto_backend }}] Generate parameter (check mode)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    size: 768
    path: '{{ remote_tmp_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -15,7 +15,7 @@
  register: dhparam_check
 - name: "[{{ select_crypto_backend }}] Generate parameter"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    size: 768
    path: '{{ remote_tmp_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -23,7 +23,7 @@
  register: dhparam
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    size: 768
    path: '{{ remote_tmp_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -32,7 +32,7 @@
  register: dhparam_changed_check
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    size: 768
    path: '{{ remote_tmp_dir }}/dh768.pem'
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -40,32 +40,32 @@
  register: dhparam_changed
 - name: "[{{ select_crypto_backend }}] Generate parameters with size option"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed_512
- copy:
+- ansible.builtin.copy:
    src: '{{ remote_tmp_dir }}/dh768.pem'
    remote_src: true
    dest: '{{ remote_tmp_dir }}/dh512.pem'
 - name: "[{{ select_crypto_backend }}] Re-generate if size is different"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh512.pem'
    size: 512
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_changed_to_512
 - name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh512.pem'
    size: 512
    force: true
@@ -73,11 +73,11 @@
  register: dhparam_changed_force
 - name: "[{{ select_crypto_backend }}] Create broken params"
-  copy:
+  ansible.builtin.copy:
    dest: "{{ remote_tmp_dir }}/dhbroken.pem"
    content: "broken"
 - name: "[{{ select_crypto_backend }}] Regenerate broken params"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dhbroken.pem'
    size: 512
    force: true
@@ -85,21 +85,21 @@
  register: output_broken
 - name: "[{{ select_crypto_backend }}] Generate params"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backup.pem'
    size: 512
    backup: true
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_1
 - name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backup.pem'
    size: 512
    backup: true
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_2
 - name: "[{{ select_crypto_backend }}] Generate params (change)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backup.pem'
    size: 512
    force: true
@@ -107,7 +107,7 @@
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: dhparam_backup_3
 - name: "[{{ select_crypto_backend }}] Generate params (remove)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backup.pem'
    state: absent
    backup: true
@@ -115,7 +115,7 @@
    return_content: true
  register: dhparam_backup_4
 - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backup.pem'
    state: absent
    backup: true
--- a/tests/integration/targets/openssl_dhparam/tasks/main.yml
+++ b/tests/integration/targets/openssl_dhparam/tasks/main.yml
@@ -12,35 +12,35 @@
 # otherwise tests would be too slow. Use sizes of at least 2048 in production!
 - name: Run module with backend autodetection
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
    path: '{{ remote_tmp_dir }}/dh_backend_selection.pem'
    size: 512
 - block:
    - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
  vars:
    select_crypto_backend: openssl
  # when: openssl_version.stdout is version('1.0.0', '>=')
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: absent
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
    path: "{{ remote_tmp_dir }}"
    state: directory
 - block:
    - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
  vars:
    select_crypto_backend: cryptography
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Felix Fontein	5ca4ecb54b	Release 2.26.3.	2025-06-14 16:44:49 +02:00
Felix Fontein	ea970a044f	Stick to community.general 10.x.y for CI.	2025-06-13 06:11:49 +02:00
Felix Fontein	3e3318f059	acme_account: check for 'externalAccountRequired' error (#919 ) (#920 ) * Check for 'externalAccountRequired' error. * Add changelog fragment. (cherry picked from commit `056ae1cf69`)	2025-06-13 06:10:41 +02:00
Felix Fontein	ae6fb88896	Prepare 2.26.3.	2025-06-12 22:45:19 +02:00
patchback[bot]	66d7989222	Add HARICA to the list of tested CAs (#915 ) (#916 ) * Add HARICA to the list of tested CAs * Add ZeroSSL to list. --------- (cherry picked from commit `ec063d8515`) Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at> Co-authored-by: Daniel Ziegenberg <daniel@ziegenberg.at> Co-authored-by: Felix Fontein <felix@fontein.de>	2025-06-08 21:08:04 +02:00
Felix Fontein	99d6a17653	Fix some ansible-lint issues (#907 ) (#908 ) * Fix fqcn[action-core]. * Fix fqcn[action]. * Fix jinja[spacing]. (cherry picked from commit `8792635bef`)	2025-05-30 22:43:43 +02:00
patchback[bot]	edeed24e8f	Document supported curves for Elliptic Curve keys on ACME Accounts (#904 ) (#906 ) (cherry picked from commit `7241d5543a`) Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at> Co-authored-by: Daniel Ziegenberg <daniel@ziegenberg.at>	2025-05-30 13:08:08 +02:00
Felix Fontein	2f3809c84b	Next release will be 2.26.3.	2025-05-22 22:02:19 +02:00
Felix Fontein	4f92a02bc4	Release 2.26.2.	2025-05-22 21:19:40 +02:00
Felix Fontein	f7b01bae60	Prepare 2.26.2.	2025-05-22 19:58:28 +02:00
Felix Fontein	43d7868646	[stable-2] Remove entrust announcement (#901 ) * Announce removal of Entrust content from community.crypto 3.0.0. * Add more information on Entrust removal.	2025-05-22 19:57:08 +02:00
patchback[bot]	3fbf173674	Add RHEL 10.0 to CI. (#899 ) (#902 ) (cherry picked from commit `41b71bb60c`) Co-authored-by: Felix Fontein <felix@fontein.de>	2025-05-22 06:43:36 +02:00
Felix Fontein	d350b94ae6	Lint doc fragments. (cherry picked from commit `ef230011fd`)	2025-05-01 16:48:13 +02:00
Felix Fontein	a75cc7345a	Fix typo. (cherry picked from commit `718021b714`)	2025-04-29 08:13:56 +02:00
Felix Fontein	f7795f65b0	Remove 'upcoming' information on 2.0.0.	2025-04-28 12:06:34 +02:00
Felix Fontein	b5d3277798	The next release will be 2.26.2. There will be (very likely) no more minor releases from this branch.	2025-04-28 11:59:23 +02:00
Felix Fontein	f1a170d427	This is now the stable-2 branch.	2025-04-28 11:58:55 +02:00