diff --git a/content/rke/latest/en/cert-mgmt/_index.md b/content/rke/latest/en/cert-mgmt/_index.md
index 21f9f53011e..95ba2123720 100644
--- a/content/rke/latest/en/cert-mgmt/_index.md
+++ b/content/rke/latest/en/cert-mgmt/_index.md
@@ -23,7 +23,8 @@ By default, Kubernetes clusters require certificates and RKE will automatically
 After the certificates are rotated, the Kubernetes components are automatically restarted. Certificates can be rotated for the following services:
 
 - etcd
-- kubelet
+- kubelet (node certificate)
+- kubelet (serving certificate, if [enabled]({{<baseurl>}}/rke/latest/en/config-options/services/#kubelet-options))
 - kube-apiserver
 - kube-proxy
 - kube-scheduler
diff --git a/content/rke/latest/en/example-yamls/_index.md b/content/rke/latest/en/example-yamls/_index.md
index 64d3ecf54bb..989623a7f01 100644
--- a/content/rke/latest/en/example-yamls/_index.md
+++ b/content/rke/latest/en/example-yamls/_index.md
@@ -185,6 +185,9 @@ services:
       cluster_dns_server: 10.43.0.10
       # Fail if swap is on
       fail_swap_on: false
+      # Generate a certificate signed by the kube-ca Certificate Authority
+      # for the kubelet to use as a server certificate
+      generate_serving_certificate: true
       # Set max pods to 250 instead of default 110
       extra_args:
         max-pods: 250