Use the builtin openssl dhparam module instead of the openssl command

tasks/ssl.yml

@@ -1,9 +1,20 @@
 ---
+- name: Create signing key
+  shell: >
+    /opt/synapse/env/bin/python -c "
+    from signedjson import key;
+    with open('/opt/synapse/ssl/{{ matrix_synapse_domain}}.signing.key','w') as file:
+      key.write_signing_keys(file, [key.generate_signing_key('first')]);
+    "
+  args:
+    creates: /opt/synapse/ssl/{{ matrix_synapse_domain }}.signing.key
+  become: true
+  become_user: synapse
+  notify:
+    - "restart synapse"
 
 - name: create DH parameters
-  command: openssl dhparam -out ssl/{{ matrix_synapse_domain }}.dh 2048
-  args:
-    creates: /opt/synapse/ssl/{{ matrix_synapse_domain }}.dh
-    chdir: /opt/synapse
-  become_user: synapse
-  become: true
+  openssl_dhparam:
+    path: "/opt/synapse/ssl/{{ matrix_synapse_domain }}.dh"
+    owner: synapse
+