diff --git a/README.md b/README.md
index e04602177..be7b78a9f 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,11 @@ configuration of Icinga 2 on multiple operating systems.
 For Icinga 2 v2.8.0 and higher version v1.3.4 and above is needed and the parameter repositoryd
 can set to false. See issue #403.
 
-As from version 2.0 of this module only supports Icinga 2 v2.8.0 or higher.
+### v2.0.0
+
+* Requires Icinga 2 v2.8.0 or higher.
+* Feature `api`:
+ * Parameters `ssl_key_path`, `ssl_cert_path`, `ssl_csr_path` and `ssl_ca_path` removed.
 
 ## Module Description
 
diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp
index 591e36b57..5f208fd4d 100644
--- a/manifests/feature/api.pp
+++ b/manifests/feature/api.pp
@@ -159,31 +159,27 @@
 #
 #
 class icinga2::feature::api(
-  Enum['absent', 'present']               $ensure                           = present,
-  Enum['ca', 'icinga2', 'none', 'puppet'] $pki                              = 'puppet',
-  Optional[Stdlib::Absolutepath]          $ssl_key_path                     = undef,
-  Optional[Stdlib::Absolutepath]          $ssl_cert_path                    = undef,
-  Optional[Stdlib::Absolutepath]          $ssl_csr_path                     = undef,
-  Optional[Stdlib::Absolutepath]          $ssl_cacert_path                  = undef,
-  Optional[Stdlib::Absolutepath]          $ssl_crl_path                     = undef,
-  Boolean                                 $accept_config                    = false,
-  Boolean                                 $accept_commands                  = false,
-  Optional[String]                        $ca_host                          = undef,
-  Integer[1,65535]                        $ca_port                          = 5665,
-  String                                  $ticket_salt                      = 'TicketSalt',
-  Hash                                    $endpoints                        = { 'NodeName' => {} },
-  Hash                                    $zones                            = { 'ZoneName' => { endpoints => [ 'NodeName' ] } },
-  Optional[String]                        $ssl_key                          = undef,
-  Optional[String]                        $ssl_cert                         = undef,
-  Optional[String]                        $ssl_cacert                       = undef,
-  Optional[String]                        $ssl_protocolmin                  = undef,
-  Optional[String]                        $ssl_cipher_list                  = undef,
-  Optional[String]                        $bind_host                        = undef,
-  Optional[Integer[1,65535]]              $bind_port                        = undef,
-  Optional[Array[String]]                 $access_control_allow_origin      = undef,
-  Boolean                                 $access_control_allow_credentials = true,
-  String                                  $access_control_allow_headers     = 'Authorization',
-  Array[String]                           $access_control_allow_methods     = ['GET', 'POST', 'PUT', 'DELETE'],
+  Enum['absent', 'present']                               $ensure                           = present,
+  Enum['ca', 'icinga2', 'none', 'puppet']                 $pki                              = 'puppet',
+  Optional[Stdlib::Absolutepath]                          $ssl_crl_path                     = undef,
+  Optional[Boolean]                                       $accept_config                    = undef,
+  Optional[Boolean]                                       $accept_commands                  = undef,
+  Optional[String]                                        $ca_host                          = undef,
+  Integer[1,65535]                                        $ca_port                          = 5665,
+  String                                                  $ticket_salt                      = 'TicketSalt',
+  Hash[String, Hash]                                      $endpoints                        = { 'NodeName' => {} },
+  Hash[String, Hash]                                      $zones                            = { 'ZoneName' => { endpoints => [ 'NodeName' ] } },
+  Optional[String]                                        $ssl_key                          = undef,
+  Optional[String]                                        $ssl_cert                         = undef,
+  Optional[String]                                        $ssl_cacert                       = undef,
+  Optional[Enum['TLSv1', 'TLSv1.1', 'TLSv1.2']]           $ssl_protocolmin                  = undef,
+  Optional[String]                                        $ssl_cipher_list                  = undef,
+  Optional[String]                                        $bind_host                        = undef,
+  Optional[Integer[1,65535]]                              $bind_port                        = undef,
+  Optional[Array[Enum['GET', 'POST', 'PUT', 'DELETE']]]   $access_control_allow_methods     = undef,
+  Optional[Array[String]]                                 $access_control_allow_origin      = undef,
+  Optional[Boolean]                                       $access_control_allow_credentials = undef,
+  Optional[String]                                        $access_control_allow_headers     = undef,
 ) {
 
   if ! defined(Class['::icinga2']) {
@@ -216,22 +212,10 @@
   }
 
   # Set defaults for certificate stuff
-  if $ssl_key_path {
-    $_ssl_key_path = $ssl_key_path }
-  else {
-    $_ssl_key_path = "${pki_dir}/${node_name}.key" }
-  if $ssl_cert_path {
-    $_ssl_cert_path = $ssl_cert_path }
-  else {
-    $_ssl_cert_path = "${pki_dir}/${node_name}.crt" }
-  if $ssl_csr_path {
-    $_ssl_csr_path = $ssl_csr_path }
-  else {
-    $_ssl_csr_path = "${pki_dir}/${node_name}.csr" }
-  if $ssl_cacert_path {
-    $_ssl_cacert_path = $ssl_cacert_path }
-  else {
-    $_ssl_cacert_path = "${pki_dir}/ca.crt" }
+  $_ssl_key_path = "${pki_dir}/${node_name}.key"
+  $_ssl_cert_path = "${pki_dir}/${node_name}.crt"
+  $_ssl_csr_path = "${pki_dir}/${node_name}.csr"
+  $_ssl_cacert_path = "${pki_dir}/ca.crt"
 
   # handle the certificate's stuff
   case $pki {
@@ -340,9 +324,6 @@
 
   # compose attributes
   $attrs = {
-    cert_path                        => $_ssl_cert_path,
-    key_path                         => $_ssl_key_path,
-    ca_path                          => $_ssl_cacert_path,
     crl_path                         => $ssl_crl_path,
     accept_commands                  => $accept_commands,
     accept_config                    => $accept_config,
diff --git a/manifests/init.pp b/manifests/init.pp
index 7188c3000..e61ca9b80 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -41,10 +41,6 @@
 #   own directory. This directory must be managed outside of this module as file resource
 #   with tag icinga2::config::file.
 #
-# [*repositoryd*]
-#   `repository.d` is removed since Icinga 2 2.8.0, set to true (default) will handle the directory.
-#   This Parameter will change to false by default in v2.0.0 and will be removed in the future.
-#
 # All default parameters are set in the icinga2::params class. To get more technical information have a look into the
 # params.pp manifest.
 #
@@ -152,7 +148,6 @@
   Hash                       $constants      = {},
   Array                      $plugins        = $icinga2::params::plugins,
   Variant[Boolean, String]   $confd          = true,
-  Boolean                    $repositoryd    = true,
 ) inherits ::icinga2::params {
 
   # validate confd, boolean or string
diff --git a/manifests/install.pp b/manifests/install.pp
index c25454e90..3827e987c 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -22,7 +22,6 @@
   $conf_dir       = $::icinga2::params::conf_dir
   $user           = $::icinga2::params::user
   $group          = $::icinga2::params::group
-  $repositoryd    = $::icinga2::repositoryd
 
   if $manage_package {
     if $::osfamily == 'windows' { Package { provider => chocolatey, } }
@@ -39,12 +38,6 @@
     group  => $group,
   }
 
-  # deprecated, removed in Icinga 2 v2.8.0
-  $_ensure = $repositoryd ? {
-    true    => 'directory',
-    default => 'absent',
-  }
-
   file { "${conf_dir}/repository.d":
     ensure  => $_ensure,
     owner   => $user,
diff --git a/manifests/params.pp b/manifests/params.pp
index d96c66268..de78b6003 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -89,7 +89,7 @@
       $run_dir              = '/var/run/icinga2'
       $spool_dir            = '/var/spool/icinga2'
       $cache_dir            = '/var/cache/icinga2'
-      $pki_dir              = "${conf_dir}/pki"
+      $pki_dir              = '/var/lib/icinga2/certs'
       $ca_dir               = '/var/lib/icinga2/ca'
       $ido_pgsql_package    = 'icinga2-ido-pgsql'
       $ido_pgsql_schema_dir = '/usr/share/icinga2-ido-pgsql/schema'
@@ -151,7 +151,7 @@
       $run_dir              = 'C:/ProgramData/icinga2/var/run/icinga2'
       $spool_dir            = 'C:/ProgramData/icinga2/var/spool/icinga2'
       $cache_dir            = 'C:/ProgramData/icinga2/var/cache/icinga2'
-      $pki_dir              = "${conf_dir}/pki"
+      $pki_dir              = 'C:/ProgramData/icinga2/var/lib/icinga2/certs'
       $ca_dir               = 'C:/ProgramData/icinga2/var/lib/icinga2/ca'
       $ido_pgsql_package    = undef
       $ido_pgsql_schema_dir = undef
@@ -176,7 +176,7 @@
       $run_dir              = '/var/run/icinga2'
       $spool_dir            = '/var/spool/icinga2'
       $cache_dir            = '/var/cache/icinga2'
-      $pki_dir              = "${conf_dir}/pki"
+      $pki_dir              = '/var/lib/icinga2/certs'
       $ca_dir               = '/var/lib/icinga2/ca'
       $user                 = 'icinga'
       $group                = 'icinga'