diff --git a/defaults/main.yml b/defaults/main.yml
index 7adad4e..33c13a3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,7 +50,12 @@ nginx_tls_enabled: False
 nginx_tls_certs_dir: /etc/pki/tls/certs
 nginx_tls_key_dir: /etc/pki/tls/private
 nginx_tls_cert_file: "{{ nginx_tls_certs_dir }}/mycert.pem"
-nginx_tls_private_key_file: "{{ nginx_tls_key_dir }}/mycert.pem"
+nginx_tls_private_key_file: "{{ nginx_tls_key_dir }}/mykey.pem"
+nginx_tls_source_use_content: False
+nginx_tls_source_use_files: True
+nginx_tls_cert_source: mycert.pem
+nginx_tls_key_source: mykey.pem
+
 nginx_pfs_enabled: False
 nginx_dhparam_size: 4069
diff --git a/handlers/main.yml b/handlers/main.yml
index 8188842..d662cea 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,6 +4,6 @@
 state: reloaded
 name: nginx
 listen:
- - "nginx_reload"
+ - __nginx_reload
 become: True
 become_user: root
diff --git a/tasks/install.yml b/tasks/install.yml
index 0a578ab..6f45c0f 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -59,8 +59,7 @@
 group: root
 mode: 0640
 validate: /sbin/nginx -t -c %s
- notify:
- - nginx_reload
+ notify: __nginx_reload
 - name: Remove default.conf from conf.d
 file:
@@ -75,8 +74,7 @@
 group: root
 mode: 0640
 validate: bash -c 'nginx -t -c /dev/stdin <<< "events {worker_connections 1;} http { include %s; }"'
- notify:
- - nginx_reload
+ notify: __nginx_reload
 - name: Open ports in iptables
 iptables_raw:
@@ -86,6 +84,18 @@
 become: True
 become_user: root
+- block:
+ - name: Add default page
+ template:
+ src: var/www/vhosts/default/index.html.j2
+ dest: /var/www/vhosts/default/index.html
+ owner: nginx
+ group: nginx
+ mode: 0750
+ when: nginx_default_page_enabled
+ become: True
+ become_user: nginx
+
 - block:
 - name: Add default page configuration file
 template:
@@ -94,8 +104,7 @@
 owner: root
 group: root
 mode: 0640
- notify:
- - nginx_reload
+ notify: __nginx_reload
 - name: Enable default page
 file:
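Review bot: `nginx_tls_cert_source` and `nginx_tls_key_source` default to bare filenames, but the tls.yml hunk feeds the same two variables to `copy: content:` whenever `nginx_tls_source_use_content` is set, so turning that flag on without overriding both would write the literal strings `mycert.pem` / `mykey.pem` into the certificate and key files. Nothing makes `nginx_tls_source_use_content` and `nginx_tls_source_use_files` mutually exclusive either, so both copy tasks can run (or neither); a comment above the four new keys would help, e.g. `# set exactly one *_source_use_* flag; *_source is a path under files/ in files mode and the PEM text itself in content mode`. The adjacent context line `nginx_dhparam_size: 4069` predates this change but looks like a typo for 4096.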
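Review bot: The default-page block added in the `@@ -86,6 +84,18 @@` hunk of install.yml writes `index.html` as `owner: nginx`, `group: nginx`, `mode: 0750` and runs the template as `become_user: nginx`, which leaves the served page writable by the account the workers presumably run under; static content is normally root-owned and only readable by nginx, e.g. `owner: root`, `group: nginx`, `mode: 0640`, with the task executed as root like its neighbours. The execute bit on an HTML file serves no purpose. Running the template as the nginx user also presupposes that `/var/www/vhosts/default` already exists and is writable by that user, which nothing in this hunk ensures.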
@@ -104,8 +113,7 @@
 owner: root
 group: root
 state: link
- notify:
- - nginx_reload
+ notify: __nginx_reload
 when: nginx_default_page_enabled
 become: True
 become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index a48ceb8..96bd39d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,4 @@
 ---
 - include_tasks: install.yml
+- include_tasks: tls.yml
+ when: nginx_tls_enabled
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 5e445fb..853506c 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -1,61 +1,53 @@
 - block:
- - name: Copy tls certificate
- copy:
- content: "{{ nginx_tls_cert }}"
- dest: "{{ nginx_tls_cert_file }}"
- owner: root
- group: root
- mode: 0644
- notify:
- - nginx_reload
+ - name: Create tls folder structure
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 700
+ with_items:
+ - "{{ nginx_tls_certs_dir }}"
+ - "{{ nginx_tls_key_dir }}"
- - name: Copy ssl intermediate cert
+ - name: Copy certs and private key (content)
 copy:
- content: "{{ nginx_tls_intermediate_ca }}"
- dest: "{{ nginx_tls_intermediate_ca_file }}"
- owner: root
- group: root
- mode: 0644
- notify:
- - nginx_reload
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ nginx_tls_key_source }}", dest: '{{ nginx_tls_key_file }}', mode: '0600' }
+ - { src: "{{ nginx_tls_cert_source }}", dest: '{{ nginx_tls_cert_file }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ notify: __nginx_reload
+ when: nginx_tls_source_use_content
- - name: Copy tls private key
+ - name: Copy certs and private key (files)
 copy:
- content: "{{ nginx_tls_private_key }}"
- dest: "{{ nginx_tls_private_key_file }}"
- owner: root
- group: root
- mode: 0600
- notify:
- - nginx_reload
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ nginx_tls_key_source }}", dest: '{{ nginx_tls_key_file }}', mode: '0600' }
+ - { src: "{{ nginx_tls_cert_source }}", dest: '{{ nginx_tls_cert_file }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ notify: __nginx_reload
+ when: nginx_tls_source_use_files
 become: True
 become_user: root
- when: nginx_tls_enabled
 - block:
 - name: Register dhparam file
 stat:
 path: "{{ nginx_dhparam_file }}"
- register: dh_file
+ register: __nginx_dh_file
 - name: Generate Diffie-Hellman parameter file
 shell: "/usr/bin/openssl dhparam -out '{{ nginx_dhparam_file }}' {{ nginx_dhparam_size }}"
 async: 3600
 poll: 60
- when: not dh_file.stat.exists
- notify:
- - nginx_reload
+ when: not __nginx_dh_file.stat.exists
+ notify: __nginx_reload
 become: True
 become_user: root
 when: nginx_pfs_enabled
-
-- block:
- - name: Add default page
- template:
- src: 'var/www/vhosts/default/index.html.j2'
- dest: '/var/www/vhosts/default/index.html'
- owner: nginx
- group: nginx
- mode: 0750
- become: True
- become_user: nginx
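Review bot: `mode: 700` in the new "Create tls folder structure" task is an unquoted decimal, which Ansible passes through as the number 700 (octal 1274: sticky bit, group- and world-readable) rather than 0700; write it `mode: '0700'`. That task also applies the mode to `nginx_tls_certs_dir`, which the defaults hunk sets to `/etc/pki/tls/certs`, a system-wide directory other consumers need to traverse, so the restrictive mode should probably be limited to `nginx_tls_key_dir`. Both copy tasks write to `nginx_tls_key_file`, while the defaults hunk only defines `nginx_tls_private_key_file`; unless the former is declared somewhere outside this diff the tasks will fail on an undefined variable. The certificate entries use `mode: '0750'`, but a public certificate needs no execute bit and `'0644'` is the conventional value, and the content variant of the key copy would benefit from `no_log: true` in addition to the loop label so a failed run does not echo key material into the output.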