diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml
index 416ca50..2dab5fb 100644
--- a/roles/letsencrypt/defaults/main.yml
+++ b/roles/letsencrypt/defaults/main.yml
@@ -1,5 +1,8 @@
 ---
 
+# Set the API endpoint to use. Default is to use https://acme-v02.api.letsencrypt.org/directory
+# letsencrypt_ca: https://acme-staging.api.letsencrypt.org/directory
+
 # letsencrypt_key_size: 4096
 # letsencrypt_renew_days: 30
 # Can be rsa, prime256v1 or secp384r1
diff --git a/roles/letsencrypt/templates/config.j2 b/roles/letsencrypt/templates/config.j2
index 525f7ff..1309ca7 100644
--- a/roles/letsencrypt/templates/config.j2
+++ b/roles/letsencrypt/templates/config.j2
@@ -1,3 +1,6 @@
+{% if letsencrypt_ca is defined %}
+CA={{ letsencrypt_ca }}
+{% endif %}
 IP_VERSION=4
 BASEDIR=/var/lib/dehydrated/certificates
 DOMAINS_TXT=/etc/dehydrated/domains.txt