diff --git a/automation/roles/vip-manager/templates/vip-manager.yml.j2 b/automation/roles/vip-manager/templates/vip-manager.yml.j2
index f20e051d4..93388e57c 100644
--- a/automation/roles/vip-manager/templates/vip-manager.yml.j2
+++ b/automation/roles/vip-manager/templates/vip-manager.yml.j2
@@ -66,14 +66,10 @@ etcd-password: {{ patroni_etcd_password | default("") }}
 {% endif %}
 {% if tls_cert_generate | default(false) | bool %}
 # when etcd-ca-file is specified, TLS connections to the etcd endpoints will be used.
-etcd-ca-file: {{ tls_ca_cert_path | default('/etc/tls/ca.crt') }}
-{% endif %}
-{% if tls_cert_generate | default(false) | bool %}
+etcd-ca-file: {{ tls_etcd_ca_cert_path | default('/etc/etcd/ca.crt') }}
 # when etcd-cert-file and etcd-key-file are specified, we will authenticate at the etcd endpoints using this certificate and key.
-etcd-cert-file: {{ tls_cert_path | default('/etc/tls/server.crt') }}
-{% endif %}
-{% if tls_cert_generate | default(false) | bool %}
-etcd-key-file: {{ tls_privatekey_path | default('/etc/tls/server.key') }}
+etcd-cert-file: {{ tls_etcd_cert_path | default('/etc/etcd/server.crt') }}
+etcd-key-file: {{ tls_etcd_privatekey_path | default('/etc/etcd/server.key') }}
 {% endif %}
 {% endif %}