diff --git a/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh b/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh
index 97f461f554f..fec89bd7fac 100755
--- a/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh
+++ b/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh
@@ -20,9 +20,9 @@ set -o pipefail
 
 # Caller should set in the ev:
 # MASTER_IP - this may be an ip or things like "_use_gce_external_ip_"
+# MASTER_NAME - DNS name for the master
 # DNS_DOMAIN - which will be passed to minions in --cluster_domain
 # SERVICE_CLUSTER_IP_RANGE - where all service IPs are allocated
-# MASTER_NAME - I'm not sure what it is...
 
 # Also the following will be respected
 # CERT_DIR - where to place the finished certs
diff --git a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml
index be98366736d..a8e722805fd 100644
--- a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml
+++ b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml
@@ -15,12 +15,12 @@
 # FIXME This only generates a cert for one master...
 - name: Run create cert script on master
   command:
-    "{{ kube_script_dir }}/make-ca-cert.sh {{ inventory_hostname }}"
+    "{{ kube_script_dir }}/make-ca-cert.sh"
   args:
     creates: "{{ kube_cert_dir }}/server.crt"
   environment:
     MASTER_IP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
-    MASTER_NAME: "kubernetes"
+    MASTER_NAME: "{{ inventory_hostname }}"
     DNS_DOMAIN: "{{ dns_domain }}"
     SERVICE_CLUSTER_IP_RANGE: "{{ kube_service_addresses }}"
     CERT_DIR: "{{ kube_cert_dir }}"