diff --git a/letsencrypt-acmetool-client/defaults/main.yml b/letsencrypt-acmetool-client/defaults/main.yml
index 8fab9805..1ddbc325 100644
--- a/letsencrypt-acmetool-client/defaults/main.yml
+++ b/letsencrypt-acmetool-client/defaults/main.yml
@@ -29,9 +29,9 @@ letsencrypt_acme_rsa_key_size: 4096
 letsencrypt_acme_key_type: ecdsa
 letsencrypt_acme_ecdsa_curve: nistp256
 letsencrypt_acme_email: sysadmin@example.com
-# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service.
+# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
 # Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
-letsencrypt_acme_authenticator: proxy
+letsencrypt_acme_authenticator: listener
 
 # desired parameters
 letsencrypt_acme_domains: