diff --git a/cmd/flags.go b/cmd/flags.go
index 40bb053..47866ee 100644
--- a/cmd/flags.go
+++ b/cmd/flags.go
@@ -144,8 +144,8 @@ var (
 			EnvVars: []string{"ACME_EAB_HMAC"},
 		},
 		&cli.StringFlag{
-			Name: "dns-provider",
-			// TODO: Usage
+			Name:    "dns-provider",
+			Usage:   "Use DNS-Challenge for main domain\n\nRead more at: https://go-acme.github.io/lego/dns/",
 			EnvVars: []string{"DNS_PROVIDER"},
 		},
 	}...)
diff --git a/server/certificates/acme_client.go b/server/certificates/acme_client.go
index 2dbaaf4..8e63c84 100644
--- a/server/certificates/acme_client.go
+++ b/server/certificates/acme_client.go
@@ -1,6 +1,7 @@
 package certificates
 
 import (
+	"fmt"
 	"sync"
 	"time"
 
@@ -15,8 +16,6 @@ type AcmeClient struct {
 	legoClient           *lego.Client
 	mainDomainLegoClient *lego.Client
 
-	dnsProvider string
-
 	obtainLocks sync.Map
 
 	acmeUseRateLimits bool
@@ -61,13 +60,13 @@ func NewAcmeClient(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider strin
 				log.Error().Err(err).Msg("Can't create TLS-ALPN-01 provider")
 			}
 		} else {
+			// use DNS-Challenge https://go-acme.github.io/lego/dns/
 			provider, err := dns.NewDNSChallengeProviderByName(dnsProvider)
 			if err != nil {
-				log.Error().Err(err).Msg("Can't create DNS Challenge provider")
+				return nil, fmt.Errorf("can not create DNS Challenge provider: %w", err)
 			}
-			err = mainDomainAcmeClient.Challenge.SetDNS01Provider(provider)
-			if err != nil {
-				log.Error().Err(err).Msg("Can't create DNS-01 provider")
+			if err := mainDomainAcmeClient.Challenge.SetDNS01Provider(provider); err != nil {
+				return nil, fmt.Errorf("can not create DNS-01 provider: %w", err)
 			}
 		}
 	}
@@ -76,8 +75,6 @@ func NewAcmeClient(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider strin
 		legoClient:           acmeClient,
 		mainDomainLegoClient: mainDomainAcmeClient,
 
-		dnsProvider: dnsProvider,
-
 		acmeUseRateLimits: acmeUseRateLimits,
 
 		obtainLocks: sync.Map{},