diff --git a/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh b/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
index d8576f85c9..68035ccd7e 100644
--- a/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
+++ b/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
@@ -7,9 +7,15 @@ CHALLENGE_ALIAS_DOMAIN=${CHALLENGE_ALIAS_DOMAIN:-acme.opendev.org.}
 LETSENCRYPT_STAGING=${LETSENCRYPT_STAGING:-0}
 LOG_FILE=${LOG_FILE:-/var/log/acme.sh/acme.sh.log}
 
-STAGING=""
+SERVER=""
 if [[ ${LETSENCRYPT_STAGING} != 0 ]]; then
- STAGING="--staging"
+ # TODO acme.sh doesn't let us specify staging and also set the server.
+ # If --staging is passed then the built in default is used. Can/should
+ # we change this to --server letsencrypt_test?
+ SERVER="--staging"
+ #SERVER="--server letsencrypt_test"
+else
+ SERVER="--server letsencrypt"
 fi
 
 # Ensure we don't write out files as world-readable
@@ -29,7 +35,7 @@ if [[ ${1} == "issue" ]]; then
 # Ansible then parses this back to a dict.
 shift;
 for arg in "$@"; do
- $ACME_SH ${STAGING} \
+ $ACME_SH ${SERVER} \
 --cert-home ${CERT_HOME} \
 --no-color \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please \
@@ -55,7 +61,7 @@ elif [[ ${1} == "renew" ]]; then
 # when TXT records have been installed for this certificate;
 # i.e. we will never run this renewal unless it is actually
 # required.
- $ACME_SH ${STAGING} \
+ $ACME_SH ${SERVER} \
 --cert-home ${CERT_HOME} \
 --no-color \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please \
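Review bot: The staging branch in the first hunk still passes `--staging`, so the ACME endpoint a staging host registers with and sends its requests to remains whatever acme.sh's built-in default is; only the production branch is pinned. If the TODO's alternative behaves the same in the acme.sh version this role installs (not verifiable from the hunk), make it the live line, `SERVER="--server letsencrypt_test"`, and drop the commented-out copy; otherwise the TODO should record which acme.sh version's default was checked. Separately, `SERVER="--server letsencrypt"` now holds two words and only works because `${SERVER}` is expanded unquoted in the issue and renew hunks. A bash array, `SERVER=(--server letsencrypt)` expanded as `"${SERVER[@]}"`, would keep working if those expansions are ever quoted.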