diff --git a/modules/services/step-ca/mtls.nix b/modules/services/step-ca/mtls.nix
index bd4585b..7eda11f 100644
--- a/modules/services/step-ca/mtls.nix
+++ b/modules/services/step-ca/mtls.nix
@@ -67,11 +67,11 @@ in
   flake.modules.nixos.mtls = { config, lib, pkgs, ... }:
   let
     cfg = config.mtls;
-    certDir = cfg.certDir;
+    certDir = "/etc/step/certs";
     tlsKey = "${certDir}/${cfg.keyFilename}";
     tlsCert = "${certDir}/${cfg.certFilename}";
     mtlsBundle = "${certDir}/${cfg.bundleFilename}";
-    rootCA = "${cfg.certDir}/certs/root_ca.crt";
+    rootCA = "${certDir}/root_ca.crt";
     sanArgs = lib.concatMapStringsSep " " (san: "--san \"${san}\"") cfg.san;
     renewReloadScript = lib.concatMapStringsSep "\n" (unit: ''
       if ${lib.getExe' pkgs.systemd "systemctl"} --quiet is-active "${unit}"; then