diff --git a/defaults/main.yml b/defaults/main.yml
index 5e55acc..48155fa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,7 +3,7 @@ certbot_work_dir: /var/lib/letsencrypt
 certbot_config_dir: /etc/letsencrypt
 certbot_log_dir: /var/log/letsencrypt
 certbot_environment:
-  - "{{ certbot_work_dir }}"
-  - "{{ certbot_config_dir }}"
-  - "{{ certbot_log_dir }}"
+  - { name: "{{ certbot_work_dir }}", mode: '0755' }
+  - { name: "{{ certbot_config_dir }}", mode: '0755' }
+  - { name: "{{ certbot_log_dir }}", mode: '0700' }
 certbot_user: root
diff --git a/tasks/install.yml b/tasks/install.yml
index 0123fd1..bb41701 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -14,9 +14,10 @@
         state: present
 
     - name: Create certbot environment
-      path: "{{ item }}"
+      file:
+        path: "{{ item.name }}"
         state: directory
-        mode: 0755
+        mode: "{{ item.mode }}"
       with_items: "{{ certbot_environment }}"
 
     - name: Deploy config file