diff --git a/README.md b/README.md
index 1585828..f381fef 100644
--- a/README.md
+++ b/README.md
@@ -143,3 +143,8 @@ There are also some useful **tags** available:
 * selfsigned
 * config
 * certs
+
+To debug errors - you can set the 'debug' variable at runtime:
+```bash
+ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
+```
diff --git a/defaults/main.yml b/defaults/main.yml
index 0647ce4..29ee7e6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,9 +1,9 @@
 ---
 # default config => is overwritten by provided config
-default_certs:
+defaults_certs:
 mode: 'selfsigned' # selfsigned, ca, pki, le_certbot
- path: '/etc/certs'
+ path: '/etc/ssl/ansible'
 cert:
 name:
@@ -76,10 +76,11 @@ default_certs:
 locality:
 email:
+CERT_CONFIG: "{{ defaults_certs | combine(certs, recursive=true) }}"
-CERT_CONFIG: "{{ default_certs | combine(certs, recursive=true) }}"
-
-default_le_certbot_cert_config:
+default_le_certbot_cert:
 domains: []
 state: 'present'
 email:
+
+debug: false
diff --git a/tasks/debian/letsencrypt/cert.yml b/tasks/debian/letsencrypt/cert.yml
index 3c58169..65f684b 100644
--- a/tasks/debian/letsencrypt/cert.yml
+++ b/tasks/debian/letsencrypt/cert.yml
@@ -13,7 +13,7 @@
 - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
 ansible.builtin.debug:
- msg: "certbot certonly --non-interactive --agree-tos --no-redirect
+ msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
 --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
 -{{ CERT_CONFIG.letsencrypt.verbosity }}
 --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
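Review bot: The default certificate directory moves from `/etc/certs` to `/etc/ssl/ansible` (and `default_certs` becomes `defaults_certs`) with no migration note anywhere in this commit, so a host that already ran the role will get a fresh set of certificates under the new path while anything still configured for `/etc/certs` keeps serving the old files until they expire. If the move is intended, say so next to the default, e.g. `path: '/etc/ssl/ansible'  # changed from /etc/certs; existing deployments must set certs.path or move their files`, and mention it in the README/changelog. I only see the defaults here, so whether other tasks or templates still reference the old path is worth a grep before merging.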
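Review bot: `debug: false` is added without a comment, yet in the letsencrypt tasks this same flag is what appends `--staging` to every certbot call, so a user who turns it on to see the config dump also changes which CA issues their certificates. Document that on the default, e.g. `debug: false  # also makes certbot use the Let's Encrypt staging CA (untrusted test certificates)`, or better, give the CA selection its own variable (a `letsencrypt.staging` key next to `service`/`renew`) so verbose output and untrusted certificates are not one switch. From the hunk ordering it also looks like `CERT_CONFIG:` now sits directly under the nested `email:` line with no blank line between top-level keys, unlike the rest of the file.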
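Review bot: The FYI `debug` message is a byte-for-byte copy of the `ansible.builtin.command` string in the next task, and this commit is a demonstration of the cost: both copies had to be edited in step to add the `--staging` clause, and any future divergence will make the printed command lie about what actually runs. Build the command once in a `vars:` entry (for example `le_certbot_cmd`) and reference it from both tasks with `msg: "{{ le_certbot_cmd }}"` and `ansible.builtin.command: "{{ le_certbot_cmd }}"`. The quoted scalar has no closing quote within the hunk, so the rest of the command is outside this view.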
@@ -23,7 +23,7 @@
 when: le_changed
 - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
- ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect
+ ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
 --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
 -{{ CERT_CONFIG.letsencrypt.verbosity }}
 --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
diff --git a/tasks/debian/letsencrypt/main.yml b/tasks/debian/letsencrypt/main.yml
index 5576e48..5b165ea 100644
--- a/tasks/debian/letsencrypt/main.yml
+++ b/tasks/debian/letsencrypt/main.yml
@@ -28,7 +28,7 @@
 - le_cert.domains | length > 0
 - le_cert.state == 'present'
 vars:
- le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+ le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
 le_name: "{{ cert_item.key | safe_key }}"
 le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}"
 le_changed: "{{ existing_certs_raw.stdout | le_domains_changed(le_name, le_cert.domains) }}"
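Review bot: `{% if debug %}` on the new command line tests the raw variable, and the README documents enabling it with `-e debug=yes`; extra-vars given as `key=value` arrive as strings, so `-e debug=no` or `-e debug=false` is a non-empty string that Jinja treats as true and `--staging` is still appended. Use `{% if debug | bool %} --staging{% endif %}` so the usual string spellings behave as expected. More fundamentally, tying the ACME endpoint to a debug flag means troubleshooting on a production host silently issues certificates from the staging CA, whose chain clients do not trust; a dedicated staging variable would keep that decision explicit. The quoted command has no closing quote inside the hunk, so its tail is outside this view.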
@@ -39,24 +39,24 @@
 # todo: task gets stuck
 - name: Certificates | Debian | LetsEncrypt Certbot | Revoking certificates
- ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}"
+ ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
 when:
 - le_cert.state != 'present'
 - existing_certs_raw.stdout.find(le_name) != -1
 vars:
- le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+ le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
 le_name: "{{ cert_item.key | safe_key }}"
 loop_control:
 loop_var: cert_item
 with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
 - name: Certificates | Debian | LetsEncrypt Certbot | Deleting certificates
- ansible.builtin.command: "certbot delete --cert-name {{ le_name }}"
+ ansible.builtin.command: "certbot delete --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
 when:
 - le_cert.state != 'present'
 - existing_certs_raw.stdout.find(le_name) != -1
 vars:
- le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+ le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
 le_name: "{{ cert_item.key | safe_key }}"
 loop_control:
 loop_var: cert_item
@@ -89,6 +89,6 @@
 state: started
 - name: Certificates | Debian | LetsEncrypt Certbot | Running renewal
- ansible.builtin.command: 'certbot renew --force-renewal'
+ ansible.builtin.command: "certbot renew --force-renewal{% if debug %} --staging{% endif %}"
 when: CERT_CONFIG.letsencrypt.renew
 ignore_errors: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 488ccbd..76e0b7e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
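Review bot: Adding `--staging` to `certbot revoke` sends the revocation to the staging ACME server, so a lineage that was issued by the production CA (anything created before `debug` was switched on) will most likely be refused there, failing the task (it has no `ignore_errors`) and leaving the real certificate unrevoked. As far as I know certbot records the issuing `server` in the lineage's renewal config and uses it when `--cert-name` is given, so the two commands are safer without the flag at all: `certbot revoke --cert-name {{ le_name }}` and `certbot delete --cert-name {{ le_name }}` (delete is a local operation anyway); please confirm against the certbot version you target. The `# todo: task gets stuck` note on the revoke task is also left unresolved by this change.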
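Review bot: `certbot renew --force-renewal --staging` asks certbot to re-issue every lineage on the host against the staging CA, so running the role with `debug` on against a production machine would, as far as I can tell, replace all of its trusted certificates with ones clients reject, and the existing `ignore_errors: true` hides any failure along the way. The staging endpoint is presumably there to avoid Let's Encrypt rate limits when forcing renewal during development, but that decision belongs to an explicit staging variable, not a generic debug switch. At minimum skip the forced renewal in debug mode, e.g. `when: CERT_CONFIG.letsencrypt.renew and not (debug | bool)`, and consider whether `ignore_errors: true` should at least be paired with a `register` plus a visible warning.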
@@ -1,10 +1,23 @@
 ---
 - name: Certificates | Checking config
- ansible.builtin.fail:
- msg: "The required configuration was not provided! - Needed: 'certs'"
- when: certs is undefined
+ ansible.builtin.assert:
+ that:
+ - certs is defined
+
+ - name: Certificates | Showing debug info - user provided config
+ ansible.builtin.debug:
+ var: certs
+ when:
+ - debug is defined
+ - debug
+
+ - name: Certificates | Showing debug info - running config
+ ansible.builtin.debug:
+ var: CERT_CONFIG
+ when:
+ - debug is defined
+ - debug
 - name: Certificates | Internal signed
 ansible.builtin.include_tasks: internal/main.yml
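Review bot: Replacing the `fail` task with a bare `assert` drops the explanatory message, so a missing `certs` now produces only Ansible's generic assertion failure; keep it with `fail_msg: "The required configuration was not provided! Needed: 'certs'"`. The two new debug tasks print the user config and the fully merged `CERT_CONFIG` to the console and therefore to any log collection; if those structures can hold anything sensitive (CA key passphrases for the `ca`/`pki` modes would be the obvious candidate, though I cannot see those keys from here) they should be filtered or the README should warn that `debug` is not for shared log pipelines. `debug is defined` is redundant now that `defaults/main.yml` sets `debug: false`, and because extra-vars arrive as strings the condition is safer written as `- debug | bool`.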