diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index fd3ce2be..9dde05b9 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -123,7 +123,6 @@ func (j jujuProviderModel) valid() bool {
 validClientCredentials := j.loginViaClientCredentials()
 return j.ControllerAddrs.ValueString() != "" &&
- j.CACert.ValueString() != "" &&
 (validUserPass || validClientCredentials) &&
 !(validUserPass && validClientCredentials)
 }
@@ -316,9 +315,6 @@ func getJujuProviderModel(ctx context.Context, req provider.ConfigureRequest) (j
 if planEnvVarDataModel.ControllerAddrs.ValueString() == "" {
 diags.AddError("Controller address required", "The provider must know which juju controller to use. Please add to plan or use the JUJU_CONTROLLER_ADDRESSES environment variable.")
 }
- if planEnvVarDataModel.CACert.ValueString() == "" {
- diags.AddError("Controller CACert required", "For the Juju certificate authority to be trusted by your system. Please add to plan or use the JUJU_CA_CERT environment variable.")
- }
 }
 if diags.HasError() {
 return planEnvVarDataModel, diags
@@ -349,9 +345,6 @@ func getJujuProviderModel(ctx context.Context, req provider.ConfigureRequest) (j
 if errMsgDataModel.ControllerAddrs.ValueString() == "" {
 diags.AddError("Controller address required", "The provider must know which juju controller to use.")
 }
- if errMsgDataModel.CACert.ValueString() == "" {
- diags.AddError("Controller CACert required", "For the Juju certificate authority to be trusted by your system.")
- }
 if diags.HasError() {
 tflog.Debug(ctx, "Current login values.", map[string]interface{}{"jujuProviderModel": planData})
@@ -400,8 +393,9 @@ func checkClientErr(err error, config juju.ControllerConfiguration) diag.Diagnos
 var diags diag.Diagnostics
 x509error := &x509.UnknownAuthorityError{}
+ x509HostError := &x509.HostnameError{}
 netOpError := &net.OpError{}
- if errors.As(err, x509error) {
+ if errors.As(err, x509error) || errors.As(err, x509HostError) {
 errDetail = "Verify the ca_certificate property set on the provider"
 if config.CACert == "" {
diff --git a/internal/provider/provider_test.go b/internal/provider/provider_test.go
index f746cf9f..6a853bc5 100644
--- a/internal/provider/provider_test.go
+++ b/internal/provider/provider_test.go
@@ -151,6 +151,20 @@ func TestProviderConfigurex509InvalidFromEnv(t *testing.T) {
 assert.Equal(t, "x509: certificate signed by unknown authority", err.Summary())
 }
+func TestProviderAllowsEmptyCACert(t *testing.T) {
+ jujuProvider := NewJujuProvider("dev")
+ //Set the CA cert to be empty and check that the provider still tries to connect.
+ t.Setenv(JujuCACertEnvKey, "")
+ t.Setenv("JUJU_CA_CERT_FILE", "")
+ confResp := configureProvider(t, jujuProvider)
+ // This is a live test, expect that the client connection will fail.
+ assert.Equal(t, confResp.Diagnostics.HasError(), true)
+ err := confResp.Diagnostics.Errors()[0]
+ assert.Equal(t, diag.SeverityError, err.Severity())
+ assert.Equal(t, "The ca_certificate provider property is not set and the Juju certificate authority is not trusted by your system", err.Detail())
+ assert.Equal(t, "x509: certificate signed by unknown authority", err.Summary())
+}
+
 func testAccPreCheck(t *testing.T) {
 if TestClient != nil {
 return
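Review bot: A hostname mismatch now shares the untrusted-CA branch in `if errors.As(err, x509error) || errors.As(err, x509HostError) {`, so the user is told to check `ca_certificate` even when the chain is trusted and the certificate simply does not cover the address that was dialled. A name mismatch is the signal that the client may be talking to a different endpoint than intended, and with `ca_certificate` made optional by the earlier hunks it is presumably more likely to surface, so it deserves its own wording. Consider a separate branch ahead of the CA one, for example `if errors.As(err, x509HostError) { errDetail = "The controller certificate is not valid for the configured controller address" } else if errors.As(err, x509error) {`. A comment stating that an empty `config.CACert` means verification against the system trust store, never skipped verification, would also help; that behaviour is not visible here and should be confirmed in the client code. checkClientErr starts before and continues past this hunk, so how errDetail is finally reported cannot be checked from these lines.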
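Review bot: `err := confResp.Diagnostics.Errors()[0]` in TestProviderAllowsEmptyCACert is still reached when the preceding assertion fails, because `assert.Equal` does not stop the test, so a run that produces no diagnostics panics on the index instead of reporting a clean failure. Guard it with `if !assert.True(t, confResp.Diagnostics.HasError()) { return }`, which also fixes the swapped expected/actual order in `assert.Equal(t, confResp.Diagnostics.HasError(), true)`. The test pins only the unknown-authority message, so the `x509.HostnameError` path added to checkClientErr in this commit has no coverage. The expected failure also depends on the live controller's certificate not being in the runner's system trust store, and the "live test" comment should say so.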