diff --git a/docs/concepts/domains.mdx b/docs/concepts/domains.mdx
index 66c951dde..7d6edbe5a 100644
--- a/docs/concepts/domains.mdx
+++ b/docs/concepts/domains.mdx
@@ -71,15 +71,23 @@ const service = new defang.DefangService("serviceName", {
 
 ## Bring Your Own Domain
 
-If you are using [Defang BYOC](./defang-byoc.md), you can bring your own custom domain to use with your services. 
+You can also bring your own domain to a Defang project. This allows you to use your own domain name to access your services, and varies a little bit depending on your setup.
 
-There are two main limitations to keep in mind when using Defang BYOC:
-  1. You can only use one domain per service.
-  2. Currently you must host your domain's DNS with the [provider](./defang-byoc.md) you are using.
-      * [AWS documentation on public hosted zones](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/AboutHZWorkingWith.html)
+### BYOC or Defang Playground
 
-:::tip NS Records
-If you want to use your existing DNS provider for other aspects of your system, you can do so and just point a subdomain to your [provider's](./defang-byoc.md) nameservers using NS records.
+If you are using [Defang BYOC](./defang-byoc.md) and *do not* have your domain's DNS hosted with your cloud provider, you will need to follow this flow:
+
+1. Add the `domainname` to your service definition.
+2. Run `defang compose up` to deploy your project.
+3. Run `defang cert generate` to generate an SSL certificate. This command will provide instructions for where to point your domain's DNS before the certificate can be issued.
+
+### BYOC
+
+If you are using [Defang BYOC](./defang-byoc.md) and the DNS for your domain is hosted with your cloud provider (i.e. a Hosted Zone in Route 53, if you're using AWS), all you need to do is specify the `domainname` in your service definition, as in the example below.
+
+:::warning
+For the time being, you can only use one domain per service.
+If you need to use multiple domains, please vote on this [issue](https://github.com/DefangLabs/defang/issues/247).
 :::
 
 ### Sample Configuration
diff --git a/docs/concepts/security.md b/docs/concepts/security.md
index ccc496d05..cbd145cc6 100644
--- a/docs/concepts/security.md
+++ b/docs/concepts/security.md
@@ -22,9 +22,9 @@ Defang creates roles for your services to use, and attaches policies to those ro
 
 Defang configures Security Groups, deploys applictions to a private subnet and uses an Application Load Balancer to route traffic to your services from the public internet only when required. 
 
-## TLS
+## SSL
 
-Defang automates the process of obtaining and renewing TLS certificates for your services using AWS Certificate Manager.
+Defang automates the process of obtaining and renewing SSL certificates for your services using AWS Certificate Manager.
 
 ## Secrets