diff --git a/examples/host-vars.yml b/examples/host-vars.yml
index d7abcb93..ef911ecf 100644
--- a/examples/host-vars.yml
+++ b/examples/host-vars.yml
@@ -5,7 +5,7 @@
 # an email notification there.
 #
 # Example value: someone@example.com
-host_specific_ssl_support_email: YOUR_EMAIL_ADDRESS_HERE
+host_specific_matrix_ssl_support_email: YOUR_EMAIL_ADDRESS_HERE
 # This is your bare domain name (`- /usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
- -v {{ ssl_certs_path }}:/certs
- -e ACME_EMAIL={{ ssl_support_email }}
+ -v {{ matrix_ssl_certs_path }}:/certs
+ -e ACME_EMAIL={{ matrix_ssl_support_email }}
 willwill/acme-docker
- acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
+ acmetool want {{ item }} --xlog.severity=debug
+ with_items:
+ - "{{ hostname_matrix }}"
+ - "{{ hostname_riot }}"
 - name: Ensure matrix-nginx-proxy is started (if previously installed & started)
 service: name=matrix-nginx-proxy state=started
@@ -45,6 +48,6 @@
 - name: Ensure periodic SSL renewal cronjob configured
 template:
- src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
- dest: "/etc/cron.d/ssl-certificate-renewal"
+ src: "{{ role_path }}/templates/cron.d/matrix-ssl-certificate-renewal.j2"
+ dest: "/etc/cron.d/matrix-ssl-certificate-renewal"
 mode: 0600
diff --git a/roles/matrix-server/tasks/setup_synapse.yml b/roles/matrix-server/tasks/setup_synapse.yml
index bd5ddc7b..7cb42728 100644
--- a/roles/matrix-server/tasks/setup_synapse.yml
+++ b/roles/matrix-server/tasks/setup_synapse.yml
@@ -8,7 +8,6 @@
 owner: "{{ matrix_user_username }}"
 group: "{{ matrix_user_username }}"
 with_items:
- - "{{ matrix_synapse_base_path }}"
 - "{{ matrix_synapse_config_dir_path }}"
 - "{{ matrix_synapse_run_path }}"
 # We handle matrix_synapse_media_store_path below, not here,
diff --git a/roles/matrix-server/templates/cron.d/matrix-periodic-restarter.j2 b/roles/matrix-server/templates/cron.d/matrix-periodic-restarter.j2
index 174eb36b..719ca253 100644
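Review bot: The new `dest: "/etc/cron.d/matrix-ssl-certificate-renewal"` installs the renewal job under a new name, but nothing in this hunk removes the previously rendered `/etc/cron.d/ssl-certificate-renewal`, so a host upgraded from the old role would presumably keep both cron entries and run `acmetool --batch reconcile` as root twice on independent schedules (unless a cleanup task exists outside this chunk). A task next to this one, `- name: Ensure old SSL renewal cronjob is removed` with `file: path=/etc/cron.d/ssl-certificate-renewal state=absent`, would close that gap. The tasks file this hunk belongs to is not named in this chunk, since its file header falls before the visible text.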
--- a/roles/matrix-server/templates/cron.d/matrix-periodic-restarter.j2
+++ b/roles/matrix-server/templates/cron.d/matrix-periodic-restarter.j2
@@ -1,8 +1,8 @@
-MAILTO="{{ ssl_support_email }}"
+MAILTO="{{ matrix_ssl_support_email }}"
 # This periodically restarts the Matrix services
 # to ensure they're using the latest SSL certificate
-# in case it got renewed by the `ssl-certificate-renewal` cronjob
+# in case it got renewed by the `matrix-ssl-certificate-renewal` cronjob
 # (which happens once every ~2-3 months).
 #
 # Because `matrix-nginx-proxy.service` depends on `matrix-synapse.service`,
diff --git a/roles/matrix-server/templates/cron.d/ssl-certificate-renewal.j2 b/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
similarity index 76%
rename from roles/matrix-server/templates/cron.d/ssl-certificate-renewal.j2
rename to roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
index cf67917f..3769bf1a 100644
--- a/roles/matrix-server/templates/cron.d/ssl-certificate-renewal.j2
+++ b/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
@@ -1,4 +1,4 @@
-MAILTO="{{ ssl_support_email }}"
+MAILTO="{{ matrix_ssl_support_email }}"
 # The goal of this cronjob is to ask acmetool to check
 # the current SSL certificates and to see if some need renewal.
@@ -18,4 +18,4 @@ MAILTO="{{ ssl_support_email }}"
 # These files can be retrieved via any vhost on port 80 of matrix-nginx-proxy,
 # because it aliases `/.well-known/acme-challenge` to that same directory.
-15 4 */5 * * root /usr/bin/docker run --rm --name acmetool-host-grab --net=host -v {{ ssl_certs_path }}:/certs -v {{ ssl_certs_path }}/run:/var/run/acme -e ACME_EMAIL={{ ssl_support_email }} willwill/acme-docker acmetool --batch reconcile # --xlog.severity=debug
+15 4 */5 * * root /usr/bin/docker run --rm --name acmetool-host-grab --net=host -v {{ matrix_ssl_certs_path }}:/certs -v {{ matrix_ssl_certs_path }}/run:/var/run/acme -e ACME_EMAIL={{ matrix_ssl_support_email }} willwill/acme-docker acmetool --batch reconcile # --xlog.severity=debug
diff --git a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
index 3b9cfbbb..5a47939b 100644
--- a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
@@ -17,7 +17,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 --link matrix-synapse:synapse \
 --link matrix-riot-web:riot \
 -v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d \
- -v {{ ssl_certs_path }}:/acmetool-certs \
+ -v {{ matrix_ssl_certs_path }}:/acmetool-certs \
 {{ docker_nginx_image }}
 ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
 ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
diff --git a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2 b/roles/matrix-server/templates/systemd/matrix-synapse.service.j2
index fd755d36..e14e8d23 100644
--- a/roles/matrix-server/templates/systemd/matrix-synapse.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-synapse.service.j2
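Review bot: The rewritten cron line still references `willwill/acme-docker` with no tag or digest, so the image that `root` runs with `--net=host` every five days is whatever the registry serves at that moment, and the variable renames do not change that. A pinned reference, `willwill/acme-docker:<PINNED_TAG_OR_DIGEST>` (placeholder), or a role variable in the style of the `docker_nginx_image` used by the systemd templates, would keep the scheduled job on a reviewed image and make image upgrades an explicit change. The same untagged reference appears in the `acmetool want` shell task earlier in this diff, whose hunk begins before this chunk.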
@@ -15,7 +15,7 @@ Requires=matrix-s3fs.service
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-synapse
 ExecStartPre=-/usr/bin/docker rm matrix-synapse
-ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R
+ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ matrix_ssl_certs_path }} -R
 ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
 {% if not matrix_postgres_use_external %}
 --link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
@@ -27,7 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
 -v {{ matrix_synapse_config_dir_path }}:/data \
 -v {{ matrix_synapse_run_path }}:/matrix-run \
 -v {{ matrix_synapse_media_store_path }}:/matrix-media-store \
- -v {{ ssl_certs_path }}:/acmetool-certs \
+ -v {{ matrix_ssl_certs_path }}:/acmetool-certs \
 {{ docker_matrix_image }}
 ExecStop=-/usr/bin/docker kill matrix-synapse
 ExecStop=-/usr/bin/docker rm matrix-synapse
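Review bot: The new `ExecStartPre` chown line hands the whole `{{ matrix_ssl_certs_path }}` tree to `{{ matrix_user_username }}` recursively on every start, and the leading `-` makes systemd ignore a failure, so a permission problem there only surfaces later as the container being unable to read its certificate. Since the same directory is mounted into `matrix-nginx-proxy.service` (hunk above) and, presumably, rewritten by the root `matrix-ssl-certificate-renewal` cron job, a comment in the template would keep the next maintainer from narrowing or dropping it unknowingly: `# acmetool (root cron) rewrites this tree; give it to the synapse user before each start so the container can read it`. If only the material for synapse's own hostname is needed inside the container, a narrower path than the full tree would reduce what the service user can read — the directory layout is not visible here. The unit's `[Service]` section this line belongs to begins before the hunk.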