link fixes

content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md

@@ -27,6 +27,61 @@ helm template ./rancher-<version>.tgz --output-dir . \
 --set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
 ```
 
+Rancher server is designed to be secure by default and requires SSL/TLS configuration. There are three options for the source of the certificate:
+
+{{% accordion id="self-signed" label="Rancher-Generated Certificates (Default)" %}}
+The default is for Rancher to generate a CA and use the `cert-manager` to issue the certificate for access to the Rancher server interface.
+
+- Replace `<CHART_REPO>` with the repository that you configured in [Add the Helm Chart Repository](#add-the-helm-chart-repository) (i.e. `latest` or `stable`).
+- Set the `hostname` to the DNS name you pointed at your load balancer.
+
+```plain
+helm template ./rancher-<version>.tgz --output-dir . \
+ --name rancher \
+ --namespace cattle-system \
+ --set hostname=<RANCHER.YOURDOMAIN.COM> \
+ --set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
+```
+
+{{% /accordion %}}
+{{% accordion id="lets-encrypt" label="Let's Encrypt" %}}
+Use [LetsEncrypt](https://letsencrypt.org/)'s free service to issue trusted SSL certs. This configuration uses http validation so the Load Balancer must have a Public DNS record and be accessible from the internet.
+
+- Replace `<CHART_REPO>` with the repository that you configured in [Add the Helm Chart Repository](#add-the-helm-chart-repository) (i.e. `latest` or `stable`).
+- Set `hostname`, `ingress.tls.source=letsEncrypt` and LetsEncrypt options.
+
+```
+helm template ./rancher-<version>.tgz --output-dir . \
+  --name rancher \
+  --namespace cattle-system \
+  --set hostname=<RANCHER.YOURDOMAIN.COM> \
+  --set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
+  --set ingress.tls.source=letsEncrypt \
+  --set letsEncrypt.email=me@example.org
+``` 
+{{% /accordion %}}
+{{% accordion id="secret" label="Certificates for Files (Kubernetes Secret)" %}}
+Create Kubernetes secrets from your own certificates for Rancher to use.
+
+> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher.
+
+- Replace `<CHART_REPO>` with the repository that you configured in [Add the Helm Chart Repository](#add-the-helm-chart-repository) (i.e. `latest` or `stable`).
+- Set `hostname` and `ingress.tls.source=secret`.
+
+> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true`
+
+```
+helm install rancher-<CHART_REPO>/rancher \
+  --name rancher \
+  --namespace cattle-system \
+  --set hostname=<RANCHER.YOURDOMAIN.COM> \
+  --set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
+  --set ingress.tls.source=letsEncrypt \
+```
+
+Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. 
+{{% /accordion %}}
+
 ## B. Copy and Apply Manifests
 
 Copy the rendered manifest directories to a system that has access to the Rancher server cluster.
@@ -38,6 +93,4 @@ kubectl -n kube-system apply -R -f ./cert-manager
 
 kubectl create namespace cattle-system
 kubectl -n cattle-system apply -R -f ./rancher
-```
-
-Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details.
+```

content/rancher/v2.x/en/installation/air-gap-single-node/_index.md

@@ -16,11 +16,11 @@ As of v2.1.0, registries with authentication work for installing Rancher as well
 
 ## Installation Outline
 
-- [1. Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/provision-host/)
-- [2. Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/prepare-private-registry/)
-- [3. Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/install-rancher/)
-- [4. Configure Rancher for Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/config-rancher-for-private-reg/)
+- [1. Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/provision-host/)
+- [2. Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/)
+- [3. Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/)
+- [4. Configure Rancher for Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/config-rancher-for-private-reg/)
 
 
 
-### [Next: Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/provision-host/)
+### [Next: Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/provision-host/)

content/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/_index.md

@@ -87,4 +87,4 @@ Placeholder | Description
 
 {{% /accordion %}}
 
-### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/config-rancher-for-private-reg/)
+### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/config-rancher-for-private-reg/)

content/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/_index.md

@@ -42,4 +42,4 @@ After downloading the release files, publish the images from `rancher-images.txt
         ./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>
         ```
 
-### [Next: Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/install-rancher/)
+### [Next: Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/)

content/rancher/v2.x/en/installation/air-gap-single-node/provision-host/_index.md

@@ -8,4 +8,4 @@ Provision a single, air gapped Linux host according to our [Requirements]({{< ba
 
 This host should be disconnected from the internet, but should have connectivity with your private registry.
 
-### [Next: Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/prepare-private-registry/)
+### [Next: Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/)