diff --git a/defaults/main.yml b/defaults/main.yml index b74c6d7..35e340b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -93,10 +93,10 @@ default_le_certbot_cert: email: "{{ CERT_CONFIG.letsencrypt.email }}" # letsencrypt example: -#certs: -# example1: -# domains: ['example1.ansibleguy.net'] -# email: 'dummy@ansibleguy.net' -# example2: -# domains: ['example2.ansibleguy.net'] -# email: 'dummy@ansibleguy.net' +# certs: +# example1: +# domains: ['example1.ansibleguy.net'] +# email: 'dummy@ansibleguy.net' +# example2: +# domains: ['example2.ansibleguy.net'] +# email: 'dummy@ansibleguy.net' diff --git a/meta/main.yml b/meta/main.yml index 0e86c39..ea743f3 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -4,13 +4,17 @@ galaxy_info: author: 'AnsibleGuy ' namespace: 'ansibleguy' license: 'GPLv3' - issue_tracker_url: 'https://github.com/ansibleguy/ROLE/issues' + issue_tracker_url: 'https://github.com/ansibleguy/infra_certs/issues' min_ansible_version: 2.9.10 - description: '' + description: 'Meat-role to generate/manage certificates for other roles' platforms: - name: Debian versions: - bullseye - galaxy_tags: [] + galaxy_tags: + - 'certificates' + - 'certs' + - 'letsencrypt' + - 'certbot' collections: [] diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index c925786..c8dcfe8 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -95,7 +95,7 @@ cert: name: 'self_minca_pwd' domains: ['cert.test.ansibleguy.net'] - ips: [ '192.168.0.1' ] + ips: ['192.168.0.1'] cn: 'CA-Signed Server Cert' pwd: 'Nope.' key_usage: 'serverAuth' diff --git a/tasks/internal/ca_minimal.yml b/tasks/internal/ca_minimal.yml index eec657a..f5b3614 100644 --- a/tasks/internal/ca_minimal.yml +++ b/tasks/internal/ca_minimal.yml 
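Review bot: The new `description` value in meta/main.yml reads 'Meat-role', which looks like a typo for 'Meta-role'. Galaxy metadata is what users see when they search for the role, so it is worth correcting in this commit: `description: 'Meta-role to generate/manage certificates for other roles'`.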
@@ -6,6 +6,9 @@ ansible.builtin.file: path: "{{ config_ca.ca.path | default(config_ca.path, true) }}" state: directory + mode: 0750 + owner: "{{ config_ca.owner_key }}" + group: "{{ config_ca.group_key }}" - name: Certificates | Internal | Minimal CA | Generate ca private key (encrypted key) community.crypto.openssl_privatekey: diff --git a/tasks/internal/main.yml b/tasks/internal/main.yml index 4c02174..2a32fd4 100644 --- a/tasks/internal/main.yml +++ b/tasks/internal/main.yml @@ -16,6 +16,9 @@ ansible.builtin.file: path: "{{ CERT_CONFIG.path }}" state: directory + mode: 0750 + owner: "{{ CERT_CONFIG.owner_key }}" + group: "{{ CERT_CONFIG.group_key }}" tags: [certs, ca] - name: Certificates | Internal | Minimal CA
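Review bot: `mode: 0750` is written as a bare YAML integer in the directory task of tasks/internal/ca_minimal.yml, and the same literal is added in the hunk for tasks/internal/main.yml. It only yields rwxr-x--- because the YAML 1.1 loader reads the leading zero as octal; quoting it as `mode: '0750'` hands the string to the file module for conversion and removes that dependency. The following task in ca_minimal.yml generates the CA private key, presumably into this directory, so please confirm that group traversal is needed there; if only the owner uses the CA key, `'0700'` would be tighter. `config_ca.owner_key`/`group_key` and `CERT_CONFIG.owner_key`/`group_key` are not defined in the visible hunks, so I am assuming the role's defaults provide them; otherwise both tasks fail on an undefined variable.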