From d2a99f090dccb080ab44e60e6657014d3a15443c Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Tue, 24 Nov 2020 18:31:33 +0100 Subject: [PATCH] doc: add certificate reload tip to net.tls() --- daemon/bindings/net_tlssrv.rst | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/daemon/bindings/net_tlssrv.rst b/daemon/bindings/net_tlssrv.rst index ea8afcf5f..2ad7ba95e 100644 --- a/daemon/bindings/net_tlssrv.rst +++ b/daemon/bindings/net_tlssrv.rst @@ -76,7 +76,10 @@ by a trusted CA. This is done using function :c:func:`net.tls()`. .. function:: net.tls([cert_path], [key_path]) - Get/set path to a server TLS certificate and private key for DoT and DoH. + When called with path arguments, the function loads the server TLS + certificate and private key for DoT and DoH. + + When called without arguments, the command returns the currently configured paths. Example output: @@ -86,6 +89,11 @@ by a trusted CA. This is done using function :c:func:`net.tls()`. > net.tls() -- print configured paths ("/etc/knot-resolver/server-cert.pem", "/etc/knot-resolver/server-key.pem") + .. tip:: The certificate files aren't automatically reloaded on change. If + you update the certificate files, e.g. using ACME, you have to either + restart the service(s) or call this function again using + :ref:`control-sockets`. + .. function:: net.tls_sticket_secret([string with pre-shared secret]) Set secret for TLS session resumption via tickets, by :rfc:`5077`. -- 2.47.2
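Review bot: in the hunk at @@ -76,7 +76,10, the new text describes the call with path arguments and the call with no arguments, but the signature `net.tls([cert_path], [key_path])` marks each argument as optional on its own, so a reader cannot tell what a call with only `cert_path` does. State whether both paths must be given together. The wording also switches from "the function" to "the command" between the two sentences; use one term, e.g. "When called without arguments, the function returns the currently configured paths."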
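Review bot: in the tip added by the hunk at @@ -86,6 +89,11, "call this function again" is ambiguous, because the first hunk documents the call without arguments as only returning the configured paths; say explicitly that the call has to pass the certificate and key paths again for the files to be re-read. The tip also mentions only "certificate files" although the function loads a private key as well, so "certificate and key files" would be more precise. It would help operators to state the consequence of skipping the step: since the files are not reloaded on change, the server keeps using the previously loaded certificate for DoT and DoH after an ACME renewal has replaced the files on disk.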