diff --git a/roles/certbot/README b/roles/certbot/README
index 6e44d28e42..724a4a33e6 100644
--- a/roles/certbot/README
+++ b/roles/certbot/README
@@ -19,4 +19,19 @@ To use it:
     /srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org
   setenforce 1
 
+3) Add your SSL VirtualHost. An Ansible template with something like this
+   should possibly work:
 
+  <VirtualHost {{public_ip}}:443 _default_:443>
+    ServerName YOURINSTANCE.fedorainfracloud.org
+
+    SSLEngine on
+    SSLCertificateFile    /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/cert.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/fullchain.pem
+    SSLHonorCipherOrder On
+    SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+    SSLProtocol ALL -SSLv2
+
+    <!-- Your actual config goes here! -->
+  </VirtualHost>