diff --git a/tasks/tls.yml b/tasks/tls.yml
index 6493793..8ff2e76 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -11,14 +11,14 @@
 
   - name: Copy certs and private key (file)
     copy:
-      src: "{{ item.0.source }}"
-      dest: "{{ item.0.path }}/{{ item.0.name }}"
-      mode: "{{ item.0.mode }}"
-    with_subelements:
-      - "{{ __pve_certificates }}"
-      - nodes
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { source: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" }
+      - { source: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" }
     loop_control:
-      label: "{{ item.0.path }}/{{ item.0.name }}"
+      label: "{{ item.dest }}"
     register: __pve_copy_cert_file
     when: pve_tls_source_use_files
 
@@ -28,14 +28,14 @@
 
   - name: Copy certs and private key (content)
     copy:
-      content: "{{ item.0.source }}"
-      dest: "{{ item.0.path }}/{{ item.0.name }}"
-      mode: "{{ item.0.mode }}"
-    with_subelements:
-      - "{{ __pve_certificates }}"
-      - nodes
+      content: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { source: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" }
+      - { source: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" }
     loop_control:
-      label: "{{ item.0.path }}/{{ item.0.name }}"
+      label: "{{ item.dest }}"
     register: __pve_copy_cert_content
     when: pve_tls_source_use_content
 
@@ -44,12 +44,14 @@
     when: pve_tls_source_use_content
 
   - name: Copy cert/key to pve filesystem
-    command: "/bin/cp -rf {{ item.dest }} /etc/pve/nodes/{{ item.dest | basename }}"
-    when: item.changed
-    changed_when: item.changed
-    with_items: "{{ __pve_copy_cert.results }}"
+    command: "/bin/cp -rf {{ item.dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+    when: item[0].changed
+    changed_when: item[0].changed
+    with_nested:
+      - "{{ __pve_copy_cert.results }}"
+      - "{{ pve_nodes }}"
     loop_control:
-      label: "/etc/pve/nodes/{{ item.dest | basename }}"
+      label: "/etc/pve/nodes/{{ item[0].dest | basename }}"
     notify: __pveproxy_restart
   become: True
   become_user: root