Run as root and explicitly set the ownership.

tasks/main.yml

@@ -116,12 +116,12 @@
       tags: ['letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts']
 
 - name: Acme.sh distribution
-  become: true
-  become_user: '{{ letsencrypt_acme_sh_user }}'
   when: letsencrypt_acme_sh_install | bool
   tags: ['letsencrypt', 'letsencrypt_acme_sh']
   block:
     - name: Download the acme.sh distribution
+      become: true
+      become_user: "{{ letsencrypt_acme_user }}"
       ansible.builtin.git:
         repo: "{{ letsencrypt_acme_sh_git_url }}"
         dest: "{{ letsencrypt_acme_git_dest_dir }}"
@@ -134,6 +134,8 @@
       ansible.builtin.file:
         dest: "{{ item }}"
         state: directory
+        owner: "{{ letsencrypt_acme_user }}"
+        group: "{{ letsencrypt_acme_user }}"
         mode: 0755
       with_items: '{{ letsencrypt_acme_sh_dirs }}'
 
@@ -146,9 +148,9 @@
       ansible.builtin.template:
         src: account.conf.j2
         dest: "{{ letsencrypt_acme_sh_base_data_dir }}/data/account.conf"
-        owner: root
+        owner: "{{ letsencrypt_acme_user }}"
         group: "{{ letsencrypt_acme_user }}"
-        mode: 0640
+        mode: 0440
       tags: ['letsencrypt', 'letsencrypt_account_conf', 'letsencrypt_acme_sh']
 
 - name: Certificates management