diff --git a/README.md b/README.md
index 2bb04de..82e1234 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
 This role runs [acme-lego](https://go-acme.github.io/lego/) on the localhost, such that the acme account and DNS api credentials are never communicated to the server. It also creates boilerplate nginx configuration in accordance with the Mozilla's recomended TLS configuration.
+This role supports using multiple providers at the same time, just source all the credentials needed beforehand.
+
 ## Requirements
 The `nginx_config` role which is distributed in the nginx_core collection.
@@ -23,6 +25,16 @@ acme_domains:
 - { domain: myhost.example.com, provider: easydns }
 ```
+Lego uses environment variables to authenticate to your DNS provider. You should source those secrets as environment variables before running the playbook.
+
+If for some reason you cannot source the environment variables ahead of running the playbook, you can define them as Ansible variables.
+
+```yaml
+lego_environment:
+ - NAMECHEAP_API_USER: '...'
+ - NAMECHEAP_API_KEY: '...'
+```
+
 ## Secrets
 The api keys are sprinkled throughout the task as environment variables until I come up with a smarter way to do that.
diff --git a/defaults/main.yml b/defaults/main.yml
index 8e02f9b..32fc3f2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,12 +4,11 @@
 acme_system_user: acme
 acme_system_group: acme
 nginx_config_dhparam: "{{ acme_path }}/dhparams.pem"
 nginx_user: nginx
-#EASYDNS_TOKEN: "{{ lookup('ansible.builtin.env', 'EASYDNS_TOKEN') }}"
-#EASYDNS_KEY: "{{ lookup('ansible.builtin.env', 'EASYDNS_KEY') }}"
-NAMECHEAP_API_USER: "{{ lookup('ansible.builtin.env', 'NAMECHEAP_API_USER') }}"
-NAMECHEAP_API_KEY: "{{ lookup('ansible.builtin.env', 'NAMECHEAP_API_KEY') }}"
-# lego_path refers to the local ansible user's home directory, used in delegate_to: localhost
+lego_environment:
+ EXAMPLE_DNS_PROVIDER_USERNAME: "example"
+
+# lego_path refers to the local ansible user's home directory, used in a task with delegate_to: localhost
 lego_path: ~/.secrets/acme
 # This might work if the playbook is executing as the local user:
 #lego_path: "{{ ansible_env.HOME }}/.secrets/acme/certificates"
\ No newline at end of file
diff --git a/tasks/lego.yml b/tasks/lego.yml
index 8257cf4..32ef67d 100644
--- a/tasks/lego.yml
+++ b/tasks/lego.yml
@@ -24,11 +24,8 @@
 changed_when: False
 ignore_errors: true
 tags: lego
- environment:
-# EASYDNS_TOKEN: "{{ EASYDNS_TOKEN }}"
-# EASYDNS_KEY: "{{ EASYDNS_KEY }}"
- NAMECHEAP_API_USER: "{{ NAMECHEAP_API_USER }}"
- NAMECHEAP_API_KEY: "{{ NAMECHEAP_API_KEY }}"
+ environment: []
+# environment: "{{ lego_environment }}"
 - name: Print lego output with dns.disable-cp
 ansible.builtin.debug:
@@ -47,11 +44,8 @@
 delegate_to: localhost
 changed_when: False
 tags: lego
- environment:
-# EASYDNS_TOKEN: "{{ EASYDNS_TOKEN }}"
-# EASYDNS_KEY: "{{ EASYDNS_KEY }}"
- NAMECHEAP_API_USER: "{{ NAMECHEAP_API_USER }}"
- NAMECHEAP_API_KEY: "{{ NAMECHEAP_API_KEY }}"
+ environment: []
+# environment: "{{ lego_environment }}"
 - name: Print lego output without dns.disable-cp
 ansible.builtin.debug:
diff --git a/tasks/main.yml b/tasks/main.yml
index d96fead..0aa3529 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
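Review bot: The new `lego_environment` default is a mapping holding a placeholder entry, `EXAMPLE_DNS_PROVIDER_USERNAME: "example"`, so the moment a task wires `environment: "{{ lego_environment }}"` in (the line left commented out in tasks/lego.yml in this same commit) every lego invocation inherits a bogus variable unless the user overrides the whole mapping. An empty default, `lego_environment: {}`, with the example moved into the comment above it, avoids that. The README added by this commit shows `lego_environment` as a list of single-key mappings while this default is a plain mapping; Ansible's `environment` keyword appears to accept both shapes, but the default and the documentation should agree on one. The removed `lookup('ansible.builtin.env', …)` defaults were the only place credentials were pulled from the controller's environment into Ansible variables, so the comment above `lego_environment` should state that credentials are now expected to be present in the process environment when the playbook runs. The file also still ends without a trailing newline.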
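Review bot: Both hunks in tasks/lego.yml set `environment: []` and leave `# environment: "{{ lego_environment }}"` commented out, so the `lego_environment` variable that this commit documents in README.md and defines in defaults/main.yml is never passed to the lego command; the documented fallback of defining the credentials as Ansible variables silently does nothing, and lego only sees whatever the controller's process environment already contains. Either enable `environment: "{{ lego_environment }}"` in both tasks, or drop the README paragraph that promises it, and in either case drop the `environment: []` placeholder rather than leaving a dead keyword next to a commented-out one. If the line is enabled, both tasks should carry `no_log: true` (unless they already do above the hunk), because the provider credentials then become task arguments and can show up in verbose (`-vvv`) output. The first task also has `ignore_errors: true`, so a lego authentication failure caused by missing credentials would surface only as an ignored failure; worth a comment on why that is acceptable. The enclosing tasks start above both hunks.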
@@ -1,11 +1,12 @@
 ---
-- name: Assert all secrets have been configured.
+- name: Assert secrets have been configured.
 ansible.builtin.assert:
 that:
- - NAMECHEAP_API_USER != ''
- - NAMECHEAP_API_KEY != ''
- fail_msg: "FAILED: Secrets have not been configured."
- no_log: true
+ - acme_domains is defined
+ - acme_email is defined
+ - acme_email != ''
+ fail_msg: "FAILED: No ACME variables have been configured for this host."
+# no_log: true
 - name: Set up the ACME system user and group.
 import_tasks: setup-user.yml
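Review bot: The task name `Assert secrets have been configured.` no longer describes what the task checks — the three conditions test `acme_domains` and `acme_email`, not any credential — so rename it, e.g. `- name: Assert ACME variables have been configured.`. The `acme_domains is defined` condition lets an empty list through; `- acme_domains | length > 0` would catch that before the lego tasks run. Dropping `no_log: true` is reasonable now that the assert touches no secret values, but leaving it as the commented line `# no_log: true` reads as an unfinished edit; delete it outright. Nothing in the role now verifies that any DNS provider credential is present before lego runs, and the first lego task carries `ignore_errors: true`, so a missing credential would be reported only as an ignored failure; if no generic check is possible across providers, a comment here saying credentials are intentionally not validated would at least make that explicit.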