diff --git a/ssl-server-setup.md b/ssl-server-setup.md
index b835464..a2603c8 100644
--- a/ssl-server-setup.md
+++ b/ssl-server-setup.md
@@ -27,7 +27,11 @@ next, let's install `certbot`. we will use this to obtain ssl certificates from
 * `sudo chgrp www-data /etc/letsencrypt/live`
 * `sudo chmod 750 /etc/letsencrypt/live`
 
-**note3**: letsencrypt will email you when your cert is about to expire. when that happens, forward port 443 and 80 to your host again, and run `sudo letsencrypt renew`. don't forget to shut down the forwarded port after renewal finishes!
+**note3**: letsencrypt will email you when your cert is about to expire. when that happens:
+1. shut down `ngnix` if it's still running
+2. forward port `443` and `80` to your host again
+3. run `sudo letsencrypt renew` 
+4. shut down the forwarded ports!
 
 # configure nginx