diff --git a/README.md b/README.md
index 9c7123a1d733889bea34f821614d4483bf22550f..8ac419335e380bf797c19adc0b1e6a66c4beaa96 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Create a playbook requirements and inventory file:
     touch requirements.yml
     touch playbook.yml
     touch inventory.ini
+    ansible.cfg
 
 Add the following to `requirements.yml`:
 
@@ -47,6 +48,15 @@ Install the role:
 ansible-galaxy install -r requirements.yml
 ```
 
+Add the following to `ansible.cfg`:
+
+```
+[defaults]
+# Needed to use become with unprevileged users,
+# see https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
+allow_world_readable_tmpfiles=true
+```
+
 Add the following to `playbook.yml`:
 
 ```yaml
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
index 48893b1ea728ee4ff86e50ea00121f19ee229a5b..d917820f625b18fa7ec81a693b9f8fd679168a0f 100644
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -23,8 +23,8 @@ server {
     ssl_certificate {{ funkwhale_ssl_cert_path }};
     ssl_certificate_key {{ funkwhale_ssl_key_path }};
     {% else -%}
-    ssl_certificate /ect/lectsencrypt/live/{{ funkwhale_hostname }}/fullchain.pem;
-    ssl_certificate_key /ect/lectsencrypt/live/{{ funkwhale_hostname }}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/{{ funkwhale_hostname }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ funkwhale_hostname }}/privkey.pem;
     {% endif -%}
     # from https://cipherli.st/
     ssl_prefer_server_ciphers on;