diff --git a/src/docs/markdown/caddyfile/directives/file_server.md b/src/docs/markdown/caddyfile/directives/file_server.md
index a907f3d..b8f55af 100644
--- a/src/docs/markdown/caddyfile/directives/file_server.md
+++ b/src/docs/markdown/caddyfile/directives/file_server.md
@@ -22,7 +22,7 @@ file_server [<matcher>] [browse] {
 
 - **browse** enables file listings for requests to directories that do not have an index file.
 - **root** sets the path to the site root for just this file server instance, overriding any other. Default: `{http.vars.root}` or the current working directory. Note: This subdirective only changes the root for this directive. For other directives (like [`try_files`](/docs/caddyfile/directives/try_files) or [`templates`](/docs/caddyfile/directives/templates)) to know the same site root, use the [`root`](/docs/caddyfile/directives/root) directive, not this subdirective.
-- **hide** is a list of files to hide; if requested, the file server will pretend they do not exist. The active configuration file will be added by default. Specifying a file name without path will hide all files with that name; otherwise, a prefix match will be attempted, and then a globular match.
+- **hide** is a list of files or folders to hide; if requested, the file server will pretend they do not exist. Accepts placeholders and glob patterns. Note that these are _file system_ paths, NOT request paths. In other words, relative paths use the current working directory as a base, NOT the site root; and all paths are transformed to their absolute form before comparisons (if possible). Specifying a file name or pattern without a path separator will hide all files with a matching name regardless of its location; otherwise, a path prefix match will be attempted, and then a globular match. Since this is a Caddyfile config, the active configuration file(s) will be added by default.
 - **index** is a list of filenames to look for as index files. Default: `index.html index.txt`
 - **<template_file>** is an optional custom template file to use for directory listings. Defaults to the template that can be found [here in the source code <img src="/resources/images/external-link.svg">](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/fileserver/browsetpl.go).
 
@@ -53,3 +53,11 @@ The `file_server` directive is usually paired with the [`root` directive](/docs/
 root * /home/user/public_html
 file_server
 ```
+
+Hide all `.git` folders and their contents:
+
+```caddy-d
+file_server {
+	hide .git
+}
+```
diff --git a/src/docs/markdown/caddyfile/directives/log.md b/src/docs/markdown/caddyfile/directives/log.md
index 49ef532..f299d93 100644
--- a/src/docs/markdown/caddyfile/directives/log.md
+++ b/src/docs/markdown/caddyfile/directives/log.md
@@ -6,6 +6,8 @@ title: log (Caddyfile directive)
 
 Enables and configures HTTP request logging (also known as access logs).
 
+The `log` directive applies to the host/port of the site block it appears in, not any other part of the site address (e.g. path).
+
 ## Syntax
 
 ```caddy-d
diff --git a/src/docs/markdown/caddyfile/directives/tls.md b/src/docs/markdown/caddyfile/directives/tls.md
index f1cc071..932fc7f 100644
--- a/src/docs/markdown/caddyfile/directives/tls.md
+++ b/src/docs/markdown/caddyfile/directives/tls.md
@@ -136,12 +136,19 @@ Obtains certificates using the ACME protocol.
 
 Obtains certificates using the ACME protocol, specifically with ZeroSSL.
 
-The config for `zerossl` is exactly the same as the config for `acme`, except that its name is `zerossl`, it will use ZeroSSL's directory, and it will automatically negotiate EAB credentials. In other words, simply specifying this issuer (with no other configuration) is enough to use ZeroSSL.
+```caddy
+... zerossl [<api_key>] {
+	...
+}
+```
 
-Its default directory endpoint is `https://acme.zerossl.com/v2/DV90`.
+The syntax for `zerossl` is exactly the same as for `acme`, except that its name is `zerossl` and it can optionally take your ZeroSSL API key.
 
-Note that ZeroSSL is RFC-8555-compliant and can be used with the `acme` issuer module instead, but this module is more convenient because it handles the EAB credentials under the hood for you.
+The functionality of the `zerossl` issuer is the same as the `acme` issuer, except that it will use ZeroSSL's directory by default and it can automatically negotiate EAB credentials (whereas with the `acme` issuer, you have to manually provide EAB credentials and set the directory endpoint).
 
+When explicitly configuring `zerossl`, an email address is required so that your certificates can appear in your ZeroSSL dashboard.
+
+Note that ZeroSSL is a default issuer, so configuring it explicitly is usually unnecessary.
 
 #### internal