diff --git a/docs/services/prometheus-blackbox-exporter.md b/docs/services/prometheus-blackbox-exporter.md
index 0d4d86a..ffeaaa4 100644
--- a/docs/services/prometheus-blackbox-exporter.md
+++ b/docs/services/prometheus-blackbox-exporter.md
@@ -15,11 +15,12 @@ To enable this service, add the following configuration to your `vars.yml` file
 
 prometheus_blackbox_exporter_enabled: true
 
-prometheus_blackbox_exporter_hostname: mash.example.com
-prometheus_blackbox_exporter_path_prefix: /metrics/blackbox-exporter
+# if you want to export blackbox's probe endpoint, uncomment and adjust the following vars
 
-prometheus_blackbox_exporter_basicauth_user: your_username
-prometheus_blackbox_exporter_basicauth_password: your password
+# prometheus_blackbox_exporter_hostname: mash.example.com
+# prometheus_blackbox_exporter_path_prefix: /metrics/blackbox-exporter
+# prometheus_blackbox_exporter_basicauth_user: your_username
+# prometheus_blackbox_exporter_basicauth_password: your password
 
 ########################################################################
 #                                                                      #
@@ -30,4 +31,4 @@ prometheus_blackbox_exporter_basicauth_password: your password
 
 ## Usage
 
-After you've installed the blackbox exporter, your blackbox prober will be available on `mash.example.com/metrics/blackbox-exporter` with the basic auth credentials you've configured.
+After you've installed the blackbox exporter, your blackbox prober will be available on `mash.example.com/metrics/blackbox-exporter` with the basic auth credentials you've configured if hostname and path prefix where provided
diff --git a/group_vars/mash_servers b/group_vars/mash_servers
index e52ef65..b656a06 100644
--- a/group_vars/mash_servers
+++ b/group_vars/mash_servers
@@ -807,7 +807,7 @@ prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/prometheu
 prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
 prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"
 
-prometheus_blackbox_exporter_basicauth_enabled: true
+prometheus_blackbox_exporter_basicauth_enabled: "{{ prometheus_blackbox_exporter_container_labels_traefik_enabled }}"
 prometheus_blackbox_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.user', rounds=655555) | to_uuid }}"
 prometheus_blackbox_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.password', rounds=655555) | to_uuid }}"
 
@@ -816,7 +816,8 @@ prometheus_blackbox_exporter_container_additional_networks: |
     ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
   }}
 
-prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
+prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname }}"
 prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
 prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
diff --git a/requirements.yml b/requirements.yml
index 63367f8..37c8371 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -70,7 +70,7 @@
   version: v1.5.0-6
 
 - src: git+https://gitlab.com/etke.cc/roles/prometheus_blackbox_exporter.git
-  version: v0.23.0-1
+  version: v0.23.0-2
 
 - src: git+https://gitlab.com/etke.cc/roles/redmine.git
   version: v5.0.5-1