diff --git a/doc/source/authoring_and_deployment.rst b/doc/source/authoring_and_deployment.rst
index 86ad0e50d..e1e883e94 100644
--- a/doc/source/authoring_and_deployment.rst
+++ b/doc/source/authoring_and_deployment.rst
@@ -351,6 +351,17 @@ with random generated ones:
 
     python3 -c "from crypt import *; print(crypt('<YOUR_PASSWORD>', METHOD_SHA512))"
 
+Configure certificates in ``site/${NEW_SITE}/secrets/certificates/ingress.yaml``,
+they need to be issued for domain configured in a section ``data.dns.ingress_domain``
+of a file ``./site/${NEW_SITE}/networks/common-addresses.yaml``. A list of endpoints
+which will be used with these certificates can be found in the following file
+``./site/${NEW_SITE}/software/config/endpoints.yaml``.
+
+.. caution::
+
+    It's required to configure valid certificates, self-signed certificates
+    are not supported.
+
 Manifest linting and combining layers
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/site/airship-seaworthy/secrets/certificates/ingress.yaml b/site/airship-seaworthy/secrets/certificates/ingress.yaml
index ce475d4e2..b799fdb9f 100644
--- a/site/airship-seaworthy/secrets/certificates/ingress.yaml
+++ b/site/airship-seaworthy/secrets/certificates/ingress.yaml
@@ -1,7 +1,7 @@
 ---
 # Example manifest for ingress cert.
-# Shall be replaced with proper/valid set.
-# Self-signed certs are not supported.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
 metadata:
   layeringDefinition:
     abstract: false