diff --git a/cookbooks/blog/ssl.rb b/cookbooks/blog/ssl.rb
index 7a05379..ed9b535 100644
--- a/cookbooks/blog/ssl.rb
+++ b/cookbooks/blog/ssl.rb
@@ -1,6 +1,8 @@
-remote_file "/etc/letsencrypt/live/#{node['blog']['FQDN']}/dhparams_4096.pem" do
+remote_file "/etc/lego/dhparams_4096.pem" do
 owner 'root'
 group 'root'
+ mode '444'
 end
 
-execute "openssl rand 48 > /etc/letsencrypt/live/#{node['blog']['FQDN']}/ticket.key"
+execute "openssl rand 48 > /etc/lego/ticket.key"
+
diff --git a/cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem b/cookbooks/nginx/files/etc/lego/dhparams_4096.pem
similarity index 100%
rename from cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem
rename to cookbooks/nginx/files/etc/lego/dhparams_4096.pem
diff --git a/cookbooks/nginx/lego.rb b/cookbooks/nginx/lego.rb
index 43679d4..c1dc3da 100644
--- a/cookbooks/nginx/lego.rb
+++ b/cookbooks/nginx/lego.rb
@@ -98,3 +98,11 @@ encrypted_remote_file '/etc/cron.d/lego' do
 source 'files/etc/cron.d/lego'
 password ENV['ITAMAE_PASSWORD']
 end
+
+remote_file "/etc/lego/dhparams_4096.pem" do
+ owner 'root'
+ group 'root'
+ mode '444'
+end
+
+execute "openssl rand 48 > /etc/lego/ticket.key"
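Review bot: The `execute "openssl rand 48 > /etc/lego/ticket.key"` line creates the TLS session ticket key through a shell redirect, so its mode comes from the process umask and is probably world-readable; the same line is added in the cookbooks/nginx/lego.rb hunk. The commit sets `mode '444'` on the DH parameters, which are public, but the ticket key is the secret of the two: anyone who can read it can decrypt session tickets issued under it. I would write it as `execute "umask 077 && openssl rand -out /etc/lego/ticket.key 48 && chmod 600 /etc/lego/ticket.key"`, assuming nginx opens the file as root. The command also has no `not_if` guard, so every apply replaces the key; if that rotation is intended, a comment saying so and a reload notification for nginx would make it explicit.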
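Review bot: The `remote_file "/etc/lego/dhparams_4096.pem"` and `execute` resources added at the end of this hunk are declared again, with identical targets, in cookbooks/blog/ssl.rb, so a node applying both recipes manages the same two files twice and overwrites ticket.key twice per run. Since dhparams_4096.pem was renamed into cookbooks/nginx/files/etc/lego/, the copy in blog/ssl.rb, which has no `source`, may no longer resolve its file if the lookup is relative to the recipe directory; that is worth confirming with a dry run. I would keep the pair only here and delete it from blog/ssl.rb, with a comment above it such as `# DH params and session ticket key shared by all nginx vhosts`.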