From cdf6b3c422db68627b37bd6846f0347bc8078f7c Mon Sep 17 00:00:00 2001
From: Joshua Fredrickson <joshua@orangepineapple.com>
Date: Fri, 18 Sep 2020 11:58:31 -0500
Subject: [PATCH] Add letsencrypt_contact_emails instructions (#245)

---
 docs/trellis/master/ssl.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/trellis/master/ssl.md b/docs/trellis/master/ssl.md
index 0791e135..643823ff 100644
--- a/docs/trellis/master/ssl.md
+++ b/docs/trellis/master/ssl.md
@@ -91,6 +91,18 @@ All you need to do is make sure those DNS records exist and point to the web ser
 
 If you want "www" subdomains to redirect to your canonical domain, they MUST be included in redirects.
 
+#### Setting the contact email
+
+LE requires at least one email address be provided as a contact email. Contact emails are used by LE to send expiry notices when a certificate is coming up for renewal.
+
+```yaml
+# groups_vars/all/main.yml (example)
+
+letsencrypt_contact_emails:
+  - changeme@example.com
+  - "{{ mail_admin }}" # defined in groups_vars/all/mail.yml
+```
+
 #### Challenges
 
 Let's Encrypt certificate process looks roughly like: