diff --git a/defaults/main.yaml b/defaults/main.yaml index dded4ee..2afccd7 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -10,12 +10,11 @@ certificate_authority_root_ca_import: true ## @param certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored. ## @param certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority. -## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. +## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`. ## @param certificate_authority_root_ca_email_address E-Mail Address of the root certificate authority owner. ## @param certificate_authority_root_ca_organization_name Organization name of the root certificate authority owner. ## @param certificate_authority_root_ca_organizational_unit_name Organizational unit name of the root certificate authority. ## @param certificate_authority_root_ca_state_or_province_name State or province name where the owner of the root certificate authority is located. -## @param certificate_authority_root_ca_state State where the owner of the root certificate authority is located ## @param certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority. ## @param certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid. 
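Review bot: The rewritten `certificate_authority_root_ca_country_name` line still describes the value as "Common Name (CN) of the root certificate authority", so the new `US`/`FR`/`DE` example is attached to the wrong field description. The client hunk (`@@ -90,12 +86,11 @@`) has a related slip: its new line reads "Country Name (CN)", but CN abbreviates Common Name and the country attribute is `C`. I would change the root line to `## @param certificate_authority_root_ca_country_name Country name (C) of the root certificate authority, a two-letter ISO 3166-1 code such as US, FR or DE.` and word the client line the same way, matching the intermediate hunk, which is already correct. Operators fill in a CA subject from these descriptions, and a wrong subject on a root or intermediate certificate can only be corrected by re-issuing it.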
@@ -26,7 +25,6 @@ certificate_authority_root_ca_email_address: "" certificate_authority_root_ca_organization_name: "" certificate_authority_root_ca_organizational_unit_name: "" certificate_authority_root_ca_state_or_province_name: "" -certificate_authority_root_ca_state: "" certificate_authority_root_ca_subject_alternative_names: [] certificate_authority_root_ca_not_after: "+3650d" certificate_authority_root_ca_not_before: "+0s" 
@@ -50,12 +48,11 @@ certificate_authority_intermediate_ca_create: true ## @param certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored. ## @param certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority. -## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. +## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`. ## @param certificate_authority_intermediate_ca_email_address E-Mail Address of the intermediate certificate authority owner. ## @param certificate_authority_intermediate_ca_organization_name Organization name of the intermediate certificate authority owner. ## @param certificate_authority_intermediate_ca_organizational_unit_name Organizational unit name of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_state_or_province_name State or province name where the owner of the intermediate certificate authority is located. -## @param certificate_authority_intermediate_ca_state State where the owner of the intermediate certificate authority is located. ## @param certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority. ## @param certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid. 
@@ -66,7 +63,6 @@ certificate_authority_intermediate_ca_email_address: "" certificate_authority_intermediate_ca_organization_name: "" certificate_authority_intermediate_ca_organizational_unit_name: "" certificate_authority_intermediate_ca_state_or_province_name: "" -certificate_authority_intermediate_ca_state: "" certificate_authority_intermediate_ca_subject_alternative_names: [] certificate_authority_intermediate_ca_not_after: "+1825d" certificate_authority_intermediate_ca_not_before: "+0s" @@ -90,12 +86,11 @@ certificate_authority_client_create: true ## @param certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored. ## @param certificate_authority_client_common_name Common Name (CN) of the client certificate. -## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. +## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`. ## @param certificate_authority_client_email_address E-Mail Address of the client certificate owner. ## @param certificate_authority_client_organization_name Organization name of the client certificate owner. ## @param certificate_authority_client_organizational_unit_name Common Name (CN) of the client certificate. ## @param certificate_authority_client_state_or_province_name State or province name where the owner of the client certificate is located. -## @param certificate_authority_client_state State where the owner of the client certificate is located. ## @param certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate. ## @param certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire ## @param certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid. 
@@ -106,7 +101,6 @@ certificate_authority_client_email_address: "" certificate_authority_client_organization_name: "" certificate_authority_client_organizational_unit_name: "" certificate_authority_client_state_or_province_name: "" -certificate_authority_client_state: "" certificate_authority_client_subject_alternative_names: [] certificate_authority_client_not_after: "+397d" certificate_authority_client_not_before: "+0s" diff --git a/tasks/client_certificate_protected.yaml b/tasks/client_certificate_protected.yaml index c9027e4..b6e7423 100644 --- a/tasks/client_certificate_protected.yaml +++ b/tasks/client_certificate_protected.yaml @@ -21,7 +21,6 @@ privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" - state: "{{ certificate_authority_client_state }}" when: | certificate_authority_client_subject_alternative_names is not defined or (certificate_authority_client_subject_alternative_names is defined and @@ -41,7 +40,6 @@ privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" - state: "{{ certificate_authority_client_state }}" subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" when: certificate_authority_client_subject_alternative_names is defined and certificate_authority_client_subject_alternative_names | length > 0 diff --git a/tasks/client_certificate_unprotected.yaml b/tasks/client_certificate_unprotected.yaml index b6d0e63..8b913ee 100644 --- a/tasks/client_certificate_unprotected.yaml +++ b/tasks/client_certificate_unprotected.yaml 
@@ -19,7 +19,6 @@ privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" - state: "{{ certificate_authority_client_state }}" when: | certificate_authority_client_subject_alternative_names is not defined or (certificate_authority_client_subject_alternative_names is defined and @@ -38,7 +37,6 @@ path: "{{ certificate_authority_client_path }}/cert-req.pem" privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" - state: "{{ certificate_authority_client_state }}" subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" when: certificate_authority_client_subject_alternative_names is defined and certificate_authority_client_subject_alternative_names | length > 0 diff --git a/tasks/intermediate_certificate_authority_protected.yaml b/tasks/intermediate_certificate_authority_protected.yaml index affd8d4..45fbec7 100644 --- a/tasks/intermediate_certificate_authority_protected.yaml +++ b/tasks/intermediate_certificate_authority_protected.yaml @@ -20,7 +20,6 @@ privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}" privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" - state: "{{ certificate_authority_intermediate_ca_state }}" use_common_name_for_san: false - name: Create signed client certificate - unprotected root Certificate Authority (CA) diff --git a/tasks/intermediate_certificate_authority_unprotected.yaml b/tasks/intermediate_certificate_authority_unprotected.yaml index f6da7d0..fbc80ed 100644 --- a/tasks/intermediate_certificate_authority_unprotected.yaml 
+++ b/tasks/intermediate_certificate_authority_unprotected.yaml @@ -17,7 +17,6 @@ path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" - state: "{{ certificate_authority_intermediate_ca_state }}" use_common_name_for_san: false - name: Create signed client certificate - unprotected root Certificate Authority (CA) diff --git a/tasks/root_certificate_authority_protected.yaml b/tasks/root_certificate_authority_protected.yaml index 2e5dd72..1f29c2d 100644 --- a/tasks/root_certificate_authority_protected.yaml +++ b/tasks/root_certificate_authority_protected.yaml @@ -20,7 +20,6 @@ privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}" privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" - state: "{{ certificate_authority_root_ca_state }}" use_common_name_for_san: false - name: Create self-signed certificate for root CA diff --git a/tasks/root_certificate_authority_unprotected.yaml b/tasks/root_certificate_authority_unprotected.yaml index ab17030..ebcec28 100644 --- a/tasks/root_certificate_authority_unprotected.yaml +++ b/tasks/root_certificate_authority_unprotected.yaml @@ -17,7 +17,6 @@ path: "{{ certificate_authority_root_ca_path }}/cert-req.pem" privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" - state: "{{ certificate_authority_root_ca_state }}" use_common_name_for_san: false - name: Create self-signed certificate for root CA