From 279c02a3cecdc60ee2bfa2d60ed85812c9b603f9 Mon Sep 17 00:00:00 2001
From: Derek McGowan <derek@mcgstyle.net>
Date: Thu, 1 Sep 2016 15:11:44 -0700
Subject: [PATCH] Add note about required let's encrypt port

Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
---
 docs/configuration.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/configuration.md b/docs/configuration.md
index 01e23134..0689d8d2 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1066,6 +1066,11 @@ and proxy connections to the registry server.
 The `letsencrypt` struct within `tls` is **optional**. Use this to configure TLS
 certificates provided by [Let's Encrypt](https://letsencrypt.org/how-it-works/).
 
+>**NOTE**: When using Let's Encrypt ensure that the outward facing address is
+> accessible on port `443`. The registry defaults to listening on `5000`, if
+> run as a container consider adding the flag `-p 443:5000` to the `docker run`
+> command or similar setting in cloud configuration.
+
 <table>
   <tr>
     <th>Parameter</th>