diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 93534f482b2c19e1402d4fab79d5ee0e1fd42452..1987e5bd2ee3429267520f4f4d823a41ac1b0c3a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,7 +46,7 @@ bootstrap:
     - echo "subdomain $SUBDOMAIN, domain $DOMAIN, address $ADDRESS"
     - python3 -m openappstack $HOSTNAME create --create-droplet $DOMAIN --hostname $HOSTNAME --ssh-key-id $SSH_KEY_ID --create-domain-records --subdomain $SUBDOMAIN
     - export ANSIBLE_HOST_KEY_CHECKING=False
-    - echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
+    - mkdir -p ~/.ssh/ && echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
     - python3 -m openappstack $HOSTNAME install --ansible-param='--skip-tags=helmfile'
   artifacts:
     paths:
@@ -71,7 +71,7 @@ install:
     - chmod 755 ansible/
     - eval $(ssh-agent -s)
     - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
-    - echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
+    - mkdir -p ~/.ssh/ && echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
     - python3 -m openappstack $HOSTNAME install --ansible-param='--tags=helmfile'
     # Show versions of installed apps/binaries
     - ansible master -m shell -a 'oas-version-info.sh 2>&1'
@@ -93,10 +93,7 @@ testinfra:
     - eval $(ssh-agent -s)
     - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
     - cd ansible/
-    # it seems testinfra does not respect this environment variable, but if we
-    # set host_key_checking = False in the ansible.cfg it should work
-    # - export ANSIBLE_HOST_KEY_CHECKING=False
-    - echo "host_key_checking = False" >> ansible.cfg
+    - mkdir -p ~/.ssh/ && echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
     - pytest -v -m 'testinfra' --connection=ansible --ansible-inventory=../clusters/$HOSTNAME/inventory.yml --hosts='ansible://*'
   only:
     changes:
@@ -115,7 +112,7 @@ certs:
     - eval $(ssh-agent -s)
     - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
     - cd ansible/
-    - export ANSIBLE_HOST_KEY_CHECKING=False
+    - mkdir -p ~/.ssh/ && echo ssh-keyscan -t ssh-ed25519 "$ADDRESS" > ~/.ssh/known_hosts
     - pytest -s -m 'certs' --connection=ansible --ansible-inventory=../clusters/$HOSTNAME/inventory.yml --hosts='ansible://*'
   only:
     changes: