From 46c637ef2656ffca051408395b885c70218ca6ad Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 1 Jul 2024 02:13:35 -0700 Subject: [PATCH] Docs: Improve default certificate usage. (#11519) Co-authored-by: Marco <62987024+marco-svitol@users.noreply.github.com> --- docs/user-guide/tls.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md index af62cf7e3..eaf33e210 100644 --- a/docs/user-guide/tls.md +++ b/docs/user-guide/tls.md @@ -41,8 +41,9 @@ If this flag is not provided NGINX will use a self-signed certificate. For instance, if you have a TLS secret `foo-tls` in the `default` namespace, add `--default-ssl-certificate=default/foo-tls` in the `nginx-controller` deployment. -The default certificate will also be used for ingress `tls:` sections that do not -have a `secretName` option. +If the `tls:` section is not set, NGINX will provide the default certificate but will not force HTTPS redirect. + +On the other hand, if the `tls:` section is set - even without specifying a `secretName` option - NGINX will force HTTPS redirect. To force redirects for Ingresses that do not specify a TLS-block at all, take a look at `force-ssl-redirect` in [ConfigMap][ConfigMap].
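Review bot: The second added sentence ("if the `tls:` section is set - even without specifying a `secretName` option - NGINX will force HTTPS redirect") drops what the removed lines stated, namely that the default certificate is the one used for a `tls:` section that has no `secretName`. A reader now learns about the redirect in that case but not which certificate is presented. Suggest covering both, for example "... NGINX will use the default certificate and force an HTTPS redirect." Two smaller wording points in the same hunk: "will not force HTTPS redirect" reads better as "will not force an HTTPS redirect", and because the context line above says NGINX uses a self-signed certificate when the flag is not provided, the first added sentence should make clear whether "the default certificate" means the one set through `--default-ssl-certificate` or that self-signed fallback.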