diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 53d12ddbb994223d001732bc766ad424efdd148b..3c2857034d4a6fa239f72bd49ea57d8618ba1281 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1569,11 +1569,11 @@ Parameters succession, until the first match, or until it runs out of matches, when a client requests an URI pointing to directory. -**https_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}``) +**https_tls_certificate** (string, mandatory) X.509 certificate used for TLS for HTTPS service. The file will be stored in directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``. -**https_tls_key** (string, optional, ``{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}``) +**https_tls_key** (string, optional, mandatory) Private key used for TLS for HTTPS service. The file will be stored in directory ``/etc/ssl/private/`` under name ``{{ fqdn }}_https.key``. diff --git a/docs/usage.rst b/docs/usage.rst index e7093068920a970ff4b3c4e5e8b93c54c4e27b2a..33174c8f5e5be40ef5ee885cfbcf9fbd8af9916d 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -1409,6 +1409,9 @@ Before we start, here is a couple of useful pointers regarding the - role: php_website # Our virtual host will for PHP website will respond to this name. fqdn: tbg.example.com + # TLS key and certificate to use for the virtual host. + https_tls_certificate: "{{ lookup('file', 'tls/tbg.example.com_https.pem') }}" + https_tls_key: "{{ lookup('file', 'tls/tbg.example.com_https.key') }}" # Some additional packages are required in order to deploy and use TBG. packages: - php-gd diff --git a/roles/php_website/defaults/main.yml b/roles/php_website/defaults/main.yml index f97b71849db42e5bd4e409eaadd799349f20f5d5..8f990af2a73c683671de3dac3a8ed14b9d57c071 100644 --- a/roles/php_website/defaults/main.yml +++ b/roles/php_website/defaults/main.yml 
@@ -8,8 +8,6 @@ packages: [] php_file_regex: \.php$ php_rewrite_urls: [] rewrites: [] -https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}" -https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}" additional_fpm_config: {} website_mail_recipients: "root" environment_indicator: null diff --git a/roles/php_website/molecule/default/playbook.yml b/roles/php_website/molecule/default/playbook.yml index 67afc4b73cad417c0580eb5bda30a75638d1fd50..e06c07c5a66d2cdd15c174df5280fd1e21e3dcdd 100644 --- a/roles/php_website/molecule/default/playbook.yml +++ b/roles/php_website/molecule/default/playbook.yml @@ -11,13 +11,11 @@ default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}" default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}" - # Common parameters (general, not role). - tls_certificate_dir: tests/data/x509/ - tls_private_key_dir: tests/data/x509/ - roles: - role: php_website fqdn: parameters-mandatory + https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.cert.pem') }}" + https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.key.pem') }}" - role: php_website additional_fpm_config: diff --git a/roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.pem b/roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem similarity index 100% rename from roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.pem rename to roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem 
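Review bot: The `parameters-mandatory` entry in the molecule playbook now has to supply `https_tls_certificate` and `https_tls_key` itself, but nothing visible in this change makes the role fail early when a caller omits one of them. With the defaults removed from `defaults/main.yml`, a missing value would presumably surface as an undefined-variable error at whichever task first templates it, which is harder to diagnose than an explicit check. Consider a guard at the top of the role's tasks, for example `- assert: { that: [https_tls_certificate is defined, https_tls_key is defined] }`. The second `php_website` entry continues past the end of the hunk, so whether it passes both values cannot be confirmed from here.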
diff --git a/roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key b/roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem similarity index 100% rename from roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key rename to roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem diff --git a/roles/php_website/molecule/default/tests/test_parameters_mandatory.py b/roles/php_website/molecule/default/tests/test_parameters_mandatory.py index 0d1637b93221d56f2fbc5f977e79b4b2a6060be3..1479de163d1f7692150e2f0e3cf51fead3dec811 100644 --- a/roles/php_website/molecule/default/tests/test_parameters_mandatory.py +++ b/roles/php_website/molecule/default/tests/test_parameters_mandatory.py @@ -160,14 +160,14 @@ def test_nginx_tls_files(host): assert tls_file.user == 'root' assert tls_file.group == 'root' assert tls_file.mode == 0o640 - assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip() + assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.key.pem", "r").read().rstrip() tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem') assert tls_file.is_file assert tls_file.user == 'root' assert tls_file.group == 'root' assert tls_file.mode == 0o644 - assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip() + assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.cert.pem", "r").read().rstrip() def test_certificate_validity_check_configuration(host):
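Review bot: Both changed assertions in `test_nginx_tls_files` read the fixture with `open(...).read()` and never close the handle, which leaves cleanup to the garbage collector and can raise a ResourceWarning under pytest. Reading the expected value inside a context manager first also keeps the assertion short, e.g. `with open("tests/data/x509/parameters-mandatory_https.key.pem") as key_file: expected_key = key_file.read().rstrip()` followed by `assert tls_file.content_string == expected_key`, and the same pattern for the certificate. The function starts before this hunk, so only the two changed lines are covered here.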