diff --git a/ansible/roles/podman/tasks/configuration-nginx.yml b/ansible/roles/podman/tasks/configuration-nginx.yml
index e7940b9..febecdd 100644
--- a/ansible/roles/podman/tasks/configuration-nginx.yml
+++ b/ansible/roles/podman/tasks/configuration-nginx.yml
@@ -5,7 +5,7 @@
     path: /srv/http/letsencrypt
     owner: "{{ podman_user }}"
     group: "{{ podman_user }}"
-    mode: 0644
+    mode: 0755
     state: directory
   tags:
     - ssl
diff --git a/ansible/roles/podman/tasks/container-pihole.yml b/ansible/roles/podman/tasks/container-pihole.yml
index 27163f1..0d24c00 100644
--- a/ansible/roles/podman/tasks/container-pihole.yml
+++ b/ansible/roles/podman/tasks/container-pihole.yml
@@ -11,6 +11,7 @@
   loop:
     - "{{ pihole_path }}/config"
     - "{{ pihole_path }}/dnsmasq"
+    - "/srv/http/letsencrypt"
   tags: pihole
 
 - name: flush handlers
diff --git a/ansible/roles/ssl/tasks/cron.yml b/ansible/roles/ssl/tasks/cron.yml
index ba45973..8a41718 100644
--- a/ansible/roles/ssl/tasks/cron.yml
+++ b/ansible/roles/ssl/tasks/cron.yml
@@ -5,5 +5,5 @@
     name: certbot_renew
     special_time: weekly
     job: >-
-      certbot renew --post-hook 'systemctl restart nginx'
+      certbot renew --post-hook "su -s /bin/sh podman -c 'podman restart nginx'"
   tags: cron