From 0656e02375c21836ceb39e632445ae67ca97b15b Mon Sep 17 00:00:00 2001
From: Donal McBreen <donal@37signals.com>
Date: Tue, 17 Jun 2025 15:42:15 +0100
Subject: [PATCH] Doc update from @acidtib in
 https://github.com/basecamp/kamal-site/pull/174

---
 lib/kamal/configuration/docs/proxy.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/kamal/configuration/docs/proxy.yml b/lib/kamal/configuration/docs/proxy.yml
index 90eaeaba..3eed868b 100644
--- a/lib/kamal/configuration/docs/proxy.yml
+++ b/lib/kamal/configuration/docs/proxy.yml
@@ -50,8 +50,9 @@ proxy:
   # Custom SSL certificate
   #
   # In some cases, using Let's Encrypt for automatic certificate management is not an
-  # option, or you may already have SSL certificates issued by a different
-  # Certificate Authority (CA). Kamal supports loading custom SSL certificates
+  # option, for example if you are running from host than one host. Or you may already
+  # have SSL certificates issued by a different Certificate Authority (CA).
+  # Kamal supports loading custom SSL certificates
   # directly from secrets.
   #
   # Examples:
@@ -60,6 +61,11 @@ proxy:
   #   ssl:                   # Enable custom SSL
   #     certificate_pem: CERTIFICATE_PEM
   #     private_key_pem: PRIVATE_KEY_PEM
+  #
+  # ### Notes
+  # - If the certificate or key is missing or invalid, kamal-proxy will fail to start.
+  # - Always handle SSL certificates and private keys securely. Avoid hard-coding them in deploy.yml files or source control.
+  # - For automated certificate management, consider using the built-in Let's Encrypt integration instead.
 
   # SSL redirect
   #