diff --git a/ee/ucp/interlock/usage/tls.md b/ee/ucp/interlock/usage/tls.md
index 32f7e9910e..7c52129323 100644
--- a/ee/ucp/interlock/usage/tls.md
+++ b/ee/ucp/interlock/usage/tls.md
@@ -139,10 +139,12 @@ If everything is properly configured you should get a JSON payload:
 ```
 
 Since the proxy uses SNI to decide where to route traffic, make sure you're
-using a version of curl that includes the SNI header with insecure requests.
-If this doesn't happen, curl displays an error saying that the SSL handshake
+using a version of `curl` that includes the SNI header with insecure requests.
+If this doesn't happen, `curl` displays an error saying that the SSL handshake
 was aborterd.
 
+> ***NOTE:*** Currently there is no way to update expired certificates using this method. 
+> The proper way is to create a new secret then update the corresponding service. 
 
 ## Let your service handle TLS