diff --git a/defaults/main.yml b/defaults/main.yml
index da551f7..298077c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,15 +43,17 @@ nginx_tls_enabled: False
 nginx_tls_versions:
 - TLSv1.2
-# @var nginx_tls_cert_source:description: Source has to be a file.
-# @var nginx_tls_cert_source: $ "_unset_"
-# @var nginx_tls_key_source:description: Source has to be a file.
-# @var nginx_tls_key_source: $ "_unset_"
+nginx_tls_certificates: []
+# @var nginx_tls_certificates:example: >
+# nginx_tls_certificates:
+# - source: "{{ ansible_user_dir }}/files/mycert.pem"
+# dest: /etc/pki/tls/certs/mycert.pem
+# mode: 0644
+# - source: "{{ ansible_user_dir }}/files/mykey.pem"
+# dest: /etc/pki/tls/private/mykey.pem
+# mode: 0600
+# @end
-# @var nginx_tls_cert_file:description: Set the destination filename.
-nginx_tls_cert_file: mycert.pem
-# @var nginx_tls_key_file:description: Set the destination filename.
-nginx_tls_key_file: mykey.pem
 # @var nginx_tls_dhparam_file: $ "_unset_"
 nginx_tls_dhparam_size: 2048
@@ -149,8 +151,8 @@ nginx_vhosts_default:
 # tls_redirect: False # skips locations if enabled
 # tls_redirect_url:
 # tls:
-# cert: /etc/pki/tls/..
-# key: /etc/pki/tls/..
+# cert: /etc/pki/tls/certs/mycert.pem
+# key: /etc/pki/tls/private/mykey.pem
 # dhparam:
 # client_max_body_size:
 # send_timeout:
diff --git a/tasks/tls.yml b/tasks/tls.yml
index de98dac..a7cac32 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
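Review bot: The `@var nginx_tls_certificates:example` block documents `mode: 0644` and `mode: 0600` unquoted; anyone who copies it into their vars gets YAML 1.1 octal integers (420 and 384), which Ansible accepts because of the leading zero but ansible-lint flags, while the role's own task in tasks/tls.yml quotes its default as `'0600'`. Quote them in the example, `mode: "0644"` and `mode: "0600"`, so the documented form matches the form the task uses. `nginx_tls_certificates: []` also has no `:description:` line, unlike the four variables it replaces; a one-line description naming the keys the task reads (`source` and `dest` required, `mode` and `owner` optional with their defaults) would make the new list self-explanatory without opening tasks/tls.yml.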
@@ -1,18 +1,22 @@
 ---
 - block:
- - name: Copy certs and private key
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ nginx_tls_key_source }}", dest: '/etc/pki/tls/private/{{ nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ nginx_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ nginx_tls_cert_file }}', mode: '0750' }
+ - name: Ensur target directories exist for certificate files
+ file:
+ name: "{{ item.dest | dirname }}"
+ state: directory
+ loop: "{{ nginx_tls_certificates }}"
+ loop_control:
+ label: "{{ item.dest }}"
+
+ - name: Copy certificate files
+ copy:
+ src: "{{ item.source }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode | default('0600') }}"
+ owner: "{{ item.owner | default('root') }}"
+ loop: "{{ nginx_tls_certificates }}"
 loop_control:
 label: "{{ item.dest }}"
- when:
- - nginx_tls_cert_source is defined
- - nginx_tls_key_source is defined
 notify: __nginx_reload
 - name: Create Diffie-Hellman Parameter
diff --git a/templates/etc/nginx/sites-available/vhost.j2 b/templates/etc/nginx/sites-available/vhost.j2
index 6b09029..6bfa6f4 100644
--- a/templates/etc/nginx/sites-available/vhost.j2
+++ b/templates/etc/nginx/sites-available/vhost.j2
@@ -21,8 +21,8 @@ server {
 {% endif %}
 {% if server.tls is defined and server.tls %}
- ssl_certificate /etc/pki/tls/certs/{{ server.tls.cert }};
- ssl_certificate_key /etc/pki/tls/private/{{ server.tls.key }};
+ ssl_certificate {{ server.tls.cert }};
+ ssl_certificate_key {{ server.tls.key }};
 {% if server.tls.dhparam is defined %}
 ssl_dhparam {{ item.value.ssl.dhparam }};
 {% endif %}
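Review bot: The new `Copy certificate files` task moves private keys with `copy`, so a run with `--diff` prints the key material to the console and to any log that captures it; add `diff: false` to that task so changed key files are reported without their contents. The task name above it carries a typo, `Ensur` → `Ensure target directories exist for certificate files`. That directory task sets neither `owner` nor `mode`, so a key directory it has to create (the example in defaults/main.yml puts keys under `/etc/pki/tls/private`) ends up with whatever the remote umask yields, which is presumably wider than intended; make the permissions explicit there, at least `owner: root` plus a `mode`, rather than relying on the 0600 file mode alone to protect the key. The `loop` over `nginx_tls_certificates` already handles the empty default, so dropping the old `when:` guard is fine.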
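Review bot: The `ssl_dhparam` line two lines below the changed certificate pair renders `{{ item.value.ssl.dhparam }}` while its guard tests `server.tls.dhparam`, so the first vhost that sets `dhparam` will presumably either fail templating on an undefined `item` or emit a path from the wrong object, even though cert and key now come consistently from `server.tls`; it should read `ssl_dhparam {{ server.tls.dhparam }};`. The changed lines also emit `server.tls.cert` and `server.tls.key` verbatim, so a bare filename is no longer prefixed with `/etc/pki/tls/certs/` or `/etc/pki/tls/private/`; the `nginx_vhosts_default` comment in defaults/main.yml shows absolute paths but does not say they are required, and a short remark there would prevent a silent `ssl_certificate mycert.pem;` that nginx resolves relative to its own prefix. The `server {` block enclosing this hunk starts before and ends after it.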