diff --git a/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt b/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
index ffdc5e2..16c95c0 100755
--- a/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
+++ b/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
@@ -11,13 +11,11 @@ mosquitto_dir="/etc/mosquitto"
 
 le_fullchain="$le_dir/fullchain.pem"
 mosquitto_fullchain="$mosquitto_dir/certs/fullchain.pem"
-cp "$le_fullchain" "$mosquitto_fullchain"
-chown mosquitto:root "$mosquitto_fullchain"
+install -m 644 -o mosquitto -g root "$le_fullchain" "$mosquitto_fullchain"
 
 le_key="$le_dir/privkey.pem"
 mosquitto_key="$mosquitto_dir/certs/privkey.pem"
-cp "$le_key" "$mosquitto_key"
-chown mosquitto:root "$mosquitto_key"
+install -m 600 -o mosquitto -g root "$le_key" "$mosquitto_key"
 
 # Tell mosquitto to reload certs
 pkill -x -HUP mosquitto