diff --git a/defaults/main.yml b/defaults/main.yml
index 6b4a428..45981c5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,12 +7,12 @@ unifi_group: ubnt
 unifi_user: ubnt
 unifi_lvm_enabled: False
-# unifi_lvm_pvs:
-# - /dev/sda
-# unifi_lvm_vg: vg_unifi
-# unifi_lvm_lv: lv_unifi
-# unifi_lvm_size: 10G
-# unifi_lvm_fstype: xfs
+unifi_lvm_pvs:
+  - /dev/sdxx
+unifi_lvm_vg: vg_unifi
+unifi_lvm_lv: lv_unifi
+unifi_lvm_size: 10G
+unifi_lvm_fstype: xfs
 unifi_base_dir: /opt/unifi
 unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
@@ -42,10 +42,16 @@ unifi_open_ports:
       -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
     state: present
-unifi_tls_deployment_enabled: False
+unifi_tls_enabled: False
 unifi_tls_pkcs12_passphrase: temppass
-unifi_tls_cert_path: /etc/pki/tls/certs/mycert.pem
-unifi_tls_key_path: /etc/pki/tls/private/mykey.pem
+unifi_tls_certs_dir: /etc/pki/tls/certs
+unifi_tls_key_dir: /etc/pki/tls/private
+unifi_tls_cert_file: "{{ unifi_tls_certs_dir }}/mycert.pem"
+unifi_tls_key_file: "{{ unifi_tls_key_dir }}/mykey.pem"
+unifi_tls_source_use_content: False
+unifi_tls_source_use_files: True
+unifi_tls_cert_source: mycert.pem
+unifi_tls_key_source: mykey.pem
 unifi_nginx_vhost_enabled: False
 unifi_server_ip: 127.0.0.1
diff --git a/tasks/main.yml b/tasks/main.yml
index 3d09dc5..02701e3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,6 +4,6 @@
   when: unifi_lvm_enabled
 - include_tasks: install.yml
 - include_tasks: tls.yml
-  when: unifi_tls_deployment_enabled
+  when: unifi_tls_enabled
 - include_tasks: nginx.yml
   when: unifi_nginx_vhost_enabled
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 3f323b0..15ff10c 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
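Review bot: `unifi_tls_source_use_content: False` and `unifi_tls_source_use_files: True` are two independent booleans for what is really one choice, so a caller can set both true or both false, and the tasks/tls.yml hunk in this same commit does not gate either copy task on them. A single selector such as `unifi_tls_source: files` (constructed name; values `files` or `content`) checked with an `assert` task would make the mode unambiguous. Note also that `unifi_tls_cert_source` / `unifi_tls_key_source` double as a `files/` name in one mode and as literal PEM text in the other, so with content mode enabled the shipped defaults would write the string `mykey.pem` into the private-key file; a comment above these two keys stating which mode reads them how would help.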
@@ -1,15 +1,37 @@
 ---
-- name: Copy tls cert and key
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: "{{ unifi_tls_key_path }}", dest: '/etc/pki/tls/private/unifi.pem', mode: '0600' }
-    - { src: "{{ unifi_tls_cert_path }}", dest: '/etc/pki/tls/certs/unifi.pem', mode: '0750' }
-  loop_control:
-    label: "{{ item.dest }}"
-  register: __unifi_certs
+- block:
+  - name: Create tls folder structure
+    file:
+      path: "{{ item }}"
+      state: directory
+      mode: 750
+    with_items:
+      - "{{ unifi_tls_certs_dir }}"
+      - "{{ unifi_tls_key_dir }}"
+  - name: Copy certs and private key (file)
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
+      - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    register: __unifi_certs
+  - name: Copy certs and private key (content)
+    copy:
+      content: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
+      - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    register: __unifi_certs
   become: True
   become_user: root
@@ -22,8 +44,8 @@ openssl_pkcs12:
     path: "{{ __unifi_pkcs12_path }}"
     friendly_name: ubnt
-    privatekey_path: /etc/pki/tls/private/unifi.pem
-    cert_path: /etc/pki/tls/certs/unifi.pem
+    privatekey_path: "{{ unifi_tls_key_file }}"
+    cert_path: {{ unifi_tls_cert_file }}
     passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
     state: present
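Review bot: Both copy tasks in the new block run unconditionally — neither carries a `when:` on `unifi_tls_source_use_files` or `unifi_tls_source_use_content` — so the `(content)` task immediately overwrites the files the `(file)` task just placed with the literal strings `mykey.pem` / `mycert.pem`, and both tasks write the same `__unifi_certs` register. Add `when: unifi_tls_source_use_files` to the first copy task and `when: unifi_tls_source_use_content` to the second. In the `Create tls folder structure` task `mode: 750` is a YAML integer, which Ansible applies as decimal 750 (octal 1356: sticky bit, owner -wx, group r-x, other rw-), leaving the private-key directory world-readable and world-writable; write it as the string `mode: "0750"`. The content-mode task also passes private-key material through `content:`, so `no_log: true` on that task keeps the key out of `--diff` and verbose output. The block's remaining keys may continue past the end of the hunk.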
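Review bot: `cert_path: {{ unifi_tls_cert_file }}` is unquoted, so the YAML parser reads the leading `{{` as a flow mapping and the whole task file fails to load; the sibling `privatekey_path` line on the new side quotes its expression correctly. Change it to `cert_path: "{{ unifi_tls_cert_file }}"`. The openssl_pkcs12 task begins before this hunk.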