diff --git a/main.tf b/main.tf
index 40206f1..be2bd86 100644
--- a/main.tf
+++ b/main.tf
@@ -64,14 +64,14 @@ resource "ibm_sm_public_certificate_configuration_dns_cis" "public_dns_config" {
 data "ibm_sm_arbitrary_secret" "ibm_secrets_manager_secret" {
 provider = ibm.secret-store
- count = var.private_key_secrets_manager_instance_guid != null ? 1 : 0
+ count = var.acme_letsencrypt_private_key == null ? 1 : 0
 region = var.private_key_secrets_manager_region != null ? var.private_key_secrets_manager_region : var.region
 instance_id = var.private_key_secrets_manager_instance_guid
 secret_id = var.private_key_secrets_manager_secret_id
 }
 locals {
- acme_letsencrypt_private_key = var.private_key_secrets_manager_instance_guid != null ? data.ibm_sm_arbitrary_secret.ibm_secrets_manager_secret[0].payload : var.acme_letsencrypt_private_key
+ acme_letsencrypt_private_key = var.acme_letsencrypt_private_key == null ? data.ibm_sm_arbitrary_secret.ibm_secrets_manager_secret[0].payload : var.acme_letsencrypt_private_key
 }
 # CA config - LetsEncrypt
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 744dd98..ffa7876 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -3,7 +3,8 @@
 ########################################################################################################################
 locals {
- prefix = var.prefix != null ? trimspace(var.prefix) != "" ? "${var.prefix}-" : "" : ""
+ prefix = var.prefix != null ? trimspace(var.prefix) != "" ? "${var.prefix}-" : "" : ""
+ parse_acme_lets_encrypt_private_key = var.acme_letsencrypt_private_key_secrets_manager_secret_crn != null ? 1 : 0
 }
 module "secrets_manager_crn_parser" {
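Review bot: With `count = var.acme_letsencrypt_private_key == null ? 1 : 0` in the root `main.tf` hunk, the Secrets Manager lookup is instantiated whenever no inline key is passed, even if `private_key_secrets_manager_instance_guid` and `private_key_secrets_manager_secret_id` are also null, so a caller who supplies neither gets a provider-level failure on `instance_id`/`secret_id` rather than a clear message. Unless the variable definitions (not visible in this diff) already validate this, a `precondition` in the data source's `lifecycle` block with `condition = var.private_key_secrets_manager_instance_guid != null && var.private_key_secrets_manager_secret_id != null` would make the contract explicit. The precedence is also reversed: an inline key now silently wins over a Secrets Manager reference when both are set, which is worth stating in the variable descriptions so that a stale inline key is not used by accident.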
@@ -13,6 +14,7 @@ module "secrets_manager_crn_parser" {
 }
 module "secret_crn_parser" {
+ count = local.parse_acme_lets_encrypt_private_key
 source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
 version = "1.1.0"
 crn = var.acme_letsencrypt_private_key_secrets_manager_secret_crn
@@ -22,8 +24,8 @@ locals {
 existing_secrets_manager_guid = module.secrets_manager_crn_parser.service_instance
 existing_secrets_manager_region = module.secrets_manager_crn_parser.region
- secret_region = module.secret_crn_parser.region
- secret_id = module.secret_crn_parser.resource
+ secret_region = local.parse_acme_lets_encrypt_private_key == 0 ? null : module.secret_crn_parser[0].region
+ secret_id = local.parse_acme_lets_encrypt_private_key == 0 ? null : module.secret_crn_parser[0].resource
 }
 module "secrets_manager_public_cert_engine" {
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 94d04be..3fc22d2 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -6,6 +6,8 @@ import (
 "os"
 "testing"
+ "github.com/gruntwork-io/terratest/modules/logger"
+ "github.com/gruntwork-io/terratest/modules/terraform"
 "github.com/stretchr/testify/assert"
 "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common"
 "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper"
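Review bot: `parse_acme_lets_encrypt_private_key` holds 0 or 1 and is then compared with `== 0` in the `secret_region` and `secret_id` locals, so an integer flag is doing a boolean's job; the same flag is introduced in the `@@ -3,7` hunk and consumed as `count` in the `@@ -13,6` hunk. The two locals can drop the comparison with `secret_region = one(module.secret_crn_parser[*].region)` and `secret_id = one(module.secret_crn_parser[*].resource)`, which yield null when the module has no instances. A comment above the new `count`, for example `# Only parse the secret CRN when one is provided`, would record why the parser is conditional. The `locals` block these two lines belong to opens above the hunk.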
@@ -150,7 +152,7 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) {
 {Name: "prefix", Value: options.Prefix, DataType: "string"},
 {Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"},
 {Name: "acme_letsencrypt_private_key_secrets_manager_secret_crn", Value: permanentResources["acme_letsencrypt_private_key_secret_crn"], DataType: "string"},
- {Name: "dns_config_name", Value: "cert-dns", DataType: "string"},
+ {Name: "dns_config_name", Value: "cer-dns", DataType: "string"},
 {Name: "internet_services_crn", Value: permanentResources["cisInstanceId"], DataType: "string"},
 {Name: "skip_iam_authorization_policy", Value: true, DataType: "bool"}, // A permanent cis-sm auth policy already exists in the account
 }
@@ -160,3 +162,32 @@ func TestRunSolutionsFullyConfigurableUpgradeSchematics(t *testing.T) {
 assert.Nil(t, err, "This should not have errored")
 }
 }
+
+func TestPlanValidation(t *testing.T) {
+
+ options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+ Testing: t,
+ TerraformDir: fullyConfigurableDir,
+ Prefix: "val-plan",
+ ResourceGroup: resourceGroup,
+ })
+ options.TestSetup()
+ options.TerraformOptions.NoColor = true
+ options.TerraformOptions.Logger = logger.Discard
+ options.TerraformOptions.Vars = map[string]interface{}{
+ "prefix": options.Prefix,
+ "existing_secrets_manager_crn": permanentResources["secretsManagerCRN"],
+ "acme_letsencrypt_private_key": "PRIVATE_KEY_VALUE", // pragma: allowlist secret
+ "skip_iam_authorization_policy": true,
+ "provider_visibility": "public",
+ }
+
+ // Init
+ _, initErr := terraform.InitE(t, options.TerraformOptions)
+ assert.Nil(t, initErr, "Terraform init should not error")
+
+ // Plan
+ planOutput, planErr := terraform.PlanE(t, options.TerraformOptions)
+ assert.Nil(t, planErr, "Terraform plan should not error")
+ assert.NotNil(t, planOutput, "Expected Terraform plan output")
+}
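Review bot: The `dns_config_name` value changes from `cert-dns` to `cer-dns` and nothing else in the visible diff explains it, so it reads like a dropped character rather than an intended rename. If it is deliberate, a trailing comment saying why would help; otherwise restore `{Name: "dns_config_name", Value: "cert-dns", DataType: "string"},`. The enclosing test function starts above this hunk.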
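Review bot: `assert.NotNil(t, planOutput, ...)` at the end of `TestPlanValidation` can never fail, because `terraform.PlanE` returns the plan text as a `string` and a string is never nil; `assert.NotEmpty(t, planOutput, "Expected Terraform plan output")` would check something. The init check also only records a failure, so a failed init still falls through to the plan step and reports a second, misleading error; `if !assert.NoError(t, initErr, "Terraform init should not error") { return }` stops at the first one. The test exercises only the inline-key path with no secret CRN, and a doc comment such as `// TestPlanValidation checks that a plan succeeds when the private key is passed inline and no secret CRN is set.` would state that intent. Keeping `logger.Discard` is reasonable here, since the plan variables include the key input.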