diff --git a/tasks/prepare.yml b/tasks/prepare.yml
index 3cb75db..c3b4fd6 100644
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -19,6 +19,6 @@
     nginx_modules: "{{ shell_modules.stdout_lines }}"
 
 - name: FILE | Create folders
-  file: dest={{ item }} owner=root mode=0755 state=directory
+  file: dest="{{ item.dir }}" owner="{{ item.owner }}" mode="{{ item.mode }}" state=directory
   with_items: "{{ nginx_dirs }}"
 
diff --git a/tasks/ssl.yml b/tasks/ssl.yml
index d744978..67edbe9 100644
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -25,6 +25,7 @@
   copy: >
     content="{{ item.key }}"
     dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}"
+    mode=0640
   with_items: "{{ nginx_ssl_pairs }}"
   when: item.key is defined
   notify: reload nginx
@@ -34,6 +35,7 @@
   copy: >
     content="{{ item.cert }}"
     dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
+    mode=0644
   with_items: "{{ nginx_ssl_pairs }}"
   when: item.cert is defined
   notify: reload nginx
diff --git a/tests/test.yml b/tests/test.yml
index 6aeb1c1..fb0365f 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -147,6 +147,7 @@
         location:
           '/hello':
             - htpasswd: 'hello'
+        use_error_log: true
       - name: 'test-htpasswd-all.local'
         template: '_base'
         htpasswd: 'hello'
diff --git a/vars/main.yml b/vars/main.yml
index c296632..c4d0d7e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -23,9 +23,15 @@ nginx_upstream_server_params:
 #    min_version: '1.5.12'
 
 nginx_dirs:
-  - "{{ nginx_htpasswd_dir }}"
-  - "{{ nginx_ssl_dir }}"
-  - "{{ nginx_helper_dir }}"
+  - dir: "{{ nginx_htpasswd_dir }}"
+    mode: "0750"
+    owner: "{{ nginx_user }}"
+  - dir: "{{ nginx_ssl_dir }}"
+    mode: "0750"
+    owner: "root"
+  - dir: "{{ nginx_helper_dir }}"
+    mode: "0755"
+    owner: "root"
 
 nginx_templates_no_dir:
   - '_backuppc'