diff --git a/index.md b/index.md
index e4fd18f..70d505a 100644
--- a/index.md
+++ b/index.md
@@ -33,16 +33,13 @@ Setup [nginx](https://www.nginx.com/) webserver. Nginx is an open source reverse
   * [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
   * [nginx_send_timeout](#nginx_send_timeout)
   * [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
-  * [nginx_tls_cert_file](#nginx_tls_cert_file)
-  * [nginx_tls_cert_source](#nginx_tls_cert_source)
+  * [nginx_tls_certificates](#nginx_tls_certificates)
   * [nginx_tls_ciphers](#nginx_tls_ciphers)
   * [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
   * [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
   * [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
   * [nginx_tls_enabled](#nginx_tls_enabled)
   * [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
-  * [nginx_tls_key_file](#nginx_tls_key_file)
-  * [nginx_tls_key_source](#nginx_tls_key_source)
   * [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
   * [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
   * [nginx_tls_versions](#nginx_tls_versions)
@@ -314,24 +311,24 @@ nginx_send_timeout: 60
 nginx_server_names_hash_bucket_size: 32
 ```
 
-### nginx_tls_cert_file
-
-Set the destination filename.
+### nginx_tls_certificates
 
 #### Default value
 
 ```YAML
-nginx_tls_cert_file: mycert.pem
+nginx_tls_certificates: []
 ```
 
-### nginx_tls_cert_source
-
-Source has to be a file.
-
-#### Default value
+#### Example usage
 
 ```YAML
-nginx_tls_cert_source: _unset_
+nginx_tls_certificates:
+  - source: "{{ ansible_user_dir }}/files/mycert.pem"
+    dest: /etc/pki/tls/certs/mycert.pem
+    mode: 0644
+  - source: "{{ ansible_user_dir }}/files/mykey.pem"
+    dest: /etc/pki/tls/private/mykey.pem
+    mode: 0600
 ```
 
 ### nginx_tls_ciphers
@@ -387,26 +384,6 @@ nginx_tls_enabled: false
 nginx_tls_hsts_enabled: false
 ```
 
-### nginx_tls_key_file
-
-Set the destination filename.
-
-#### Default value
-
-```YAML
-nginx_tls_key_file: mykey.pem
-```
-
-### nginx_tls_key_source
-
-Source has to be a file.
-
-#### Default value
-
-```YAML
-nginx_tls_key_source: _unset_
-```
-
 ### nginx_tls_ocsp_enabled
 
 #### Default value
@@ -474,8 +451,8 @@ nginx_vhosts_default:
         tls_redirect: False # skips locations if enabled
         tls_redirect_url:
         tls:
-          cert: /etc/pki/tls/..
-          key: /etc/pki/tls/..
+          cert: /etc/pki/tls/certs/mycert.pem
+          key: /etc/pki/tls/private/mykey.pem
           dhparam:
         client_max_body_size:
         send_timeout: