diff --git a/bootstrap.yml b/bootstrap.yml
index 5ad3eec..9dd3433 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -110,3 +110,15 @@
 client_authenticator_type: client-secret
 id: a6960246-4aa9-495f-8843-69d664dba0ea
 secret: "{{ grafana_kc_client_secret }}"
+
+ - name: Updating ca certificates of Grafana container
+ community.docker.docker_container_exec:
+ user: 0
+ command: update-ca-certificates
+ container: infra-grafana
+
+ - name: Restarting grafana container
+ community.docker.docker_container:
+ name: infra-grafana
+ state: started
+ restart: true
diff --git a/teardown.yml b/teardown.yml
index bd76513..0def38d 100644
--- a/teardown.yml
+++ b/teardown.yml
@@ -12,4 +12,4 @@
 remove_volumes: true
 - name: Deleting infra folder contents
- ansible.builtin.command: rm -r /opt/infra/*
+ ansible.builtin.shell: rm -r /opt/infra/*
diff --git a/templates/compose.yml b/templates/compose.yml
index d953c43..066c07c 100644
--- a/templates/compose.yml
+++ b/templates/compose.yml
@@ -59,7 +59,7 @@ services:
 - grafana-storage:/var/lib/grafana
 - type: bind
 source: ./grafana/mforcen.crt
- target: /etc/ssl/mforcen.crt
+ target: /usr/local/share/ca-certificates/mforcen.crt
 - type: bind
 source: ./grafana/ssl
 target: /ssl
@@ -86,6 +86,7 @@ services:
 GF_AUTH_GENERIC_OAUTH_ENABLED: true
 GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
 GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}
+ GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile offline_access roles
 GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
 GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
 GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
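Review bot: In the bootstrap.yml hunk, the result of the `update-ca-certificates` exec is never checked before Grafana is restarted. As far as I recall, `community.docker.docker_container_exec` reports the exit code in `rc` rather than failing on it (worth confirming for the collection version in use), so a failed trust-store update could pass silently and only surface later as TLS errors on the OAuth login. Adding `register: grafana_ca_update` and `failed_when: grafana_ca_update.rc != 0` to that task makes the failure visible. The updated trust store also lives only in the running container's writable layer, so it is lost whenever the container is recreated and this play has to run again. The task list these two tasks belong to starts outside the hunk.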
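Review bot: In the teardown.yml hunk, switching to `ansible.builtin.shell` makes the glob expand, but the task now runs a recursive `rm` through a shell, fails when /opt/infra is already empty (the unmatched glob is passed to rm literally), and skips dotfiles. The same cleanup can be done without a shell by listing the directory with `ansible.builtin.find` and removing each entry with `ansible.builtin.file`, which is idempotent and keeps /opt/infra itself in place. Note that `hidden: true` in the sketch below also removes dotfiles, which the glob did not; drop it if that is not wanted. The play around this task is outside the hunk.

```yaml
- name: Listing infra folder contents
  ansible.builtin.find:
    paths: /opt/infra
    file_type: any
    hidden: true
  register: infra_contents

- name: Deleting infra folder contents
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ infra_contents.files }}"
```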
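Review bot: In the first templates/compose.yml hunk, the mforcen.crt bind mount is writable from inside the container, and after this change that file feeds the container's CA trust store. A process in the container (the bootstrap play on this page execs there as uid 0) could overwrite the host copy of the certificate. Adding `read_only: true` to that mount entry keeps the host file immutable from the container side; `update-ca-certificates` only needs to read it. The service definition this volume list belongs to starts outside the hunk.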
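Review bot: The new `GF_AUTH_GENERIC_OAUTH_SCOPES` line in the second templates/compose.yml hunk requests `roles` and `offline_access`, but no role mapping (`GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH`) appears among the visible variables. Without one the `roles` claim would go unused and users would get the default organisation role, though the environment block continues outside the hunk and the mapping may be set further down. `offline_access` asks Keycloak for offline tokens that outlive the SSO session, so keep it only if Grafana is configured to use refresh tokens. A short comment above the line, e.g. `# roles: mapped via ROLE_ATTRIBUTE_PATH; offline_access: needed for refresh tokens`, would record why each non-default scope is requested.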