diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/_index.md
index fa2e65fe889..796305b067e 100644
--- a/content/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/_index.md
+++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/_index.md
@@ -11,8 +11,8 @@ Use `kubectl` with the `tls` secret type to create the secrets.
 
 ```
 kubectl -n cattle-system create secret tls tls-rancher-ingress \
-  --cert=./tls.crt \
-  --key=./tls.key
+  --cert=tls.crt \
+  --key=tls.key
 ```
 
 ### Private CA Signed - Additional Steps
@@ -21,6 +21,8 @@ If you are using a private CA, Rancher will need to have a copy of the CA cert t
 
 Copy the CA cert into a file named `cacerts.pem` and use `kubectl` to create the `tls-ca` secret in the `cattle-system` namespace.
 
+>**Important:** Make sure the file is called `cacerts.pem` as Rancher uses that filename to configure the CA cert.
+
 ```
 kubectl -n cattle-system create secret generic tls-ca \
   --from-file=cacerts.pem