From abde9e2fbaaabf41e89745ca6434ac874f1ee41f Mon Sep 17 00:00:00 2001
From: Alexander Neumann <alexander@bumpern.de>
Date: Sun, 26 Nov 2017 10:09:54 +0100
Subject: [PATCH] doc: Add --cacert to REST section

---
 doc/030_preparing_a_new_repo.rst | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/030_preparing_a_new_repo.rst b/doc/030_preparing_a_new_repo.rst
index 35500b28e..a8cb519f6 100644
--- a/doc/030_preparing_a_new_repo.rst
+++ b/doc/030_preparing_a_new_repo.rst
@@ -135,10 +135,11 @@ are some more examples:
     $ restic -r rest:https://user:pass@host:8000/
     $ restic -r rest:https://user:pass@host:8000/my_backup_repo/
 
-If you use TLS, make sure your certificates are signed, 'cause restic
-client will refuse to communicate otherwise. It's easy to obtain such
-certificates today, thanks to free certificate authorities like `Let’s
-Encrypt <https://letsencrypt.org/>`__.
+If you use TLS, restic will use the system's CA certificates to verify the
+server certificate. When the verification fails, restic refuses to proceed and
+exits with an error. If you have your own self-signed certificate, or a custom
+CA certificate should be used for verification, you can pass restic the
+certificate filename via the `--cacert` option.
 
 REST server uses exactly the same directory structure as local backend,
 so you should be able to access it both locally and via HTTP, even