From 377368b6317ae5e8f996942b17a36beabe5a3178 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Wed, 9 Mar 2022 12:49:11 -0700
Subject: [PATCH] Add note on automatic-https page

---
 src/docs/markdown/automatic-https.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/docs/markdown/automatic-https.md b/src/docs/markdown/automatic-https.md
index 1685fe5..a9e2cb3 100644
--- a/src/docs/markdown/automatic-https.md
+++ b/src/docs/markdown/automatic-https.md
@@ -79,6 +79,10 @@ Any of the following will prevent automatic HTTPS from being activated, either i
 - Listening exclusively on the HTTP port
 - Manually loading certificates (unless [this config property](/docs/json/apps/http/servers/automatic_https/ignore_loaded_certificates/) is true)
 
+**Special cases:**
+
+- Domains ending in `.ts.net` will not be managed by Caddy. Instead, Caddy will automatically attempt to get these certificates at handshake-time from the locally-running [Tailscale](https://tailscale.com) instance. This requires that [HTTPS is enabled in your Tailscale account](https://tailscale.com/kb/1153/enabling-https/) and the Caddy process must either be running as root, or you must configure `tailscaled` to give your Caddy user [permission to fetch certificates](https://github.com/caddyserver/caddy/pull/4541#issuecomment-1021568348).
+
 
 ## Effects