diff --git a/roles/tlscert_selfsigned/defaults/main.json b/roles/tlscert_selfsigned/defaults/main.json
index 23e7808..06c1a9a 100644
--- a/roles/tlscert_selfsigned/defaults/main.json
+++ b/roles/tlscert_selfsigned/defaults/main.json
@@ -1,5 +1,3 @@
 {
- "var_tlscert_selfsigned_domain_base": "example.org",
- "var_tlscert_selfsigned_domain_path": "foo",
- "var_tlscert_selfsigned_ssl_directory": "/etc/ssl"
+ "var_tlscert_selfsigned_domain": "foo.example.org"
 }
diff --git a/roles/tlscert_selfsigned/tasks/main.json b/roles/tlscert_selfsigned/tasks/main.json
index 5b816f3..bed8255 100644
--- a/roles/tlscert_selfsigned/tasks/main.json
+++ b/roles/tlscert_selfsigned/tasks/main.json
@@ -14,10 +14,10 @@
 "name": "setup directories",
 "become": true,
 "loop": [
- "{{var_tlscert_selfsigned_ssl_directory}}/private",
- "{{var_tlscert_selfsigned_ssl_directory}}/csr",
- "{{var_tlscert_selfsigned_ssl_directory}}/certs",
- "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+ "/etc/ssl/private",
+ "/etc/ssl/csr",
+ "/etc/ssl/certs",
+ "/etc/ssl/fullchains"
 ],
 "ansible.builtin.file": {
 "state": "directory",
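Review bot: In `roles/tlscert_selfsigned/defaults/main.json` the three old variable names disappear without any guard, so an inventory that still sets `var_tlscert_selfsigned_domain_base` or `var_tlscert_selfsigned_domain_path` is silently ignored and the role falls back to the default `foo.example.org`, issuing a certificate for the wrong name without an error. A check early in the tasks that fails when a legacy name is still defined, for example `"that": ["var_tlscert_selfsigned_domain_base is not defined", "var_tlscert_selfsigned_domain_path is not defined"]` inside an `ansible.builtin.assert`, would turn that into a visible failure. An existing `var_tlscert_selfsigned_ssl_directory` override is dropped the same way, so keys then land in `/etc/ssl` instead of the directory the operator chose.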
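Review bot: The `setup directories` loop in `roles/tlscert_selfsigned/tasks/main.json` applies one `ansible.builtin.file` parameter set to all four paths, so `/etc/ssl/private` receives the same owner and mode as `/etc/ssl/certs`. The module arguments continue past the end of this hunk, so I cannot see whether a mode is set there; if one is, it is presumably either too open for the key directory or tighter than the certificate directory needs. With the path now fixed to the system `/etc/ssl`, the task also rewrites attributes on directories the distribution may already manage. Consider loop items that carry their own mode (restrictive for `private`, readable for `certs`) and `"mode": "{{item.mode}}"` in the module arguments.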
@@ -28,19 +28,19 @@
 "name": "csr | generate private key",
 "become": true,
 "community.crypto.openssl_privatekey": {
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
 }
 },
 {
 "name": "csr | execute",
 "become": true,
 "community.crypto.openssl_csr": {
- "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
- "common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
+ "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+ "common_name": "{{var_tlscert_selfsigned_domain}}",
 "subject_alt_name": [
- "DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
+ "DNS:{{var_tlscert_selfsigned_domain}}"
 ],
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
 },
 "register": "temp_csr"
 },
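Review bot: `var_tlscert_selfsigned_domain` is interpolated into root-owned file paths without validation (`path` and `privatekey_path` here, and `csr_path`, `path` and `cmd` in the next hunk), so a value containing `/` makes these `become: true` tasks write a private key outside `/etc/ssl/private`. The same value also becomes the CN and the SAN, so a malformed name ends up in the issued certificate. I would add an `ansible.builtin.assert` as the first task of the role that accepts only a plain DNS name; that task sits outside this hunk, and the pattern below needs widening if wildcard names are required.

```json
{
  "name": "validate domain",
  "ansible.builtin.assert": {
    "that": [
      "var_tlscert_selfsigned_domain is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')"
    ],
    "fail_msg": "var_tlscert_selfsigned_domain must be a plain DNS name"
  }
}
```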
@@ -48,17 +48,17 @@
 "name": "generate certificate",
 "become": true,
 "community.crypto.x509_certificate": {
- "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
- "csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
+ "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+ "csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
 "provider": "selfsigned",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
 }
 },
 {
 "name": "compose fullchain",
 "become": true,
 "ansible.builtin.shell": {
- "cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
 }
 }
 ]
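Review bot: The `compose fullchain` task still passes the interpolated domain through `ansible.builtin.shell` unquoted, so whitespace or shell metacharacters in `var_tlscert_selfsigned_domain` change the command that runs as root; a wildcard name such as `*.example.org` is already enough to be glob-expanded in the `cat` argument. A bare shell task also reports `changed` on every run. Replacing it with `ansible.builtin.copy` and `remote_src` removes the shell and makes the step idempotent; if the shell form has to stay, apply the `quote` filter to both paths.

```json
{
  "name": "compose fullchain",
  "become": true,
  "ansible.builtin.copy": {
    "remote_src": true,
    "src": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem",
    "dest": "/etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
  }
}
```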