1 files changed, 43 insertions, 0 deletions

diff --git a/docs/configuration/letsencrypt.md b/docs/configuration/letsencrypt.md
new file mode 100644
index 000000000..05953cbb7
--- /dev/null
+++ b/docs/configuration/letsencrypt.md
@@ -0,0 +1,43 @@
+# LetsEncrypt
+
+## Settings
+
+```yaml
+##############################
+##### LETSENCRYPT CONFIG #####
+##############################
+
+# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.
+letsEncrypt:
+
+  # Bool. Whether or not letsencrypt should be enabled for the server.
+  # If false, the rest of the settings here will be ignored.
+  # You should only change this if you want to serve GoToSocial behind a reverse proxy
+  # like Traefik, HAProxy, or Nginx.
+  # Options: [true, false]
+  # Default: true
+  enabled: true
+
+  # Int. Port to listen for letsencrypt certificate challenges on.
+  # If letsencrypt is enabled, this port must be reachable or you won't be able to obtain certs.
+  # If letsencrypt is disabled, this port will not be used.
+  # This *must not* be the same as the webserver/API port specified above.
+  # Examples: [80, 8000, 1312]
+  # Default: 80
+  port: 80
+
+  # String. Directory in which to store LetsEncrypt certificates.
+  # It is a good move to make this a sub-path within your storage directory, as it makes
+  # backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
+  # In any case, make sure GoToSocial has permissions to write to / read from this directory.
+  # Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
+  # Default: "/gotosocial/storage/certs"
+  certDir: "/gotosocial/storage/certs"
+
+  # String. Email address to use when registering LetsEncrypt certs.
+  # Most likely, this will be the email address of the instance administrator.
+  # LetsEncrypt will send notifications about expiring certificates etc to this address.
+  # Examples: ["admin@example.org"]
+  # Default: ""
+  emailAddress: ""
+```