diff --git a/doc/letsencrypt_acme_sh.md b/doc/letsencrypt_acme_sh.md new file mode 100644 index 0000000..a2a5353 --- /dev/null +++ b/doc/letsencrypt_acme_sh.md @@ -0,0 +1,18 @@ +# Getting LE certs via auto DNS config + +This is helpful when getting certs for domains which are scattered across +machines/IPs. The [acme.sh](https://github.com/Neilpang/acme.sh) script will +automatically configure DNS TXT records for LE to verify, instead of relying on +Web requests to the machine. + +We need to automate this in a cookbook. + +## Steps + +Export Gandi Live DNS API key: + + export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk" + +Run acme.sh like this: + + acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org
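Review bot: The literal in `export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"` under "Steps" is not recognisably a placeholder. Please replace it with something unmistakable such as `<your-gandi-livedns-api-key>`, and rotate the key if that string was ever a live value. Typed as documented, the export also puts the key into the operator's shell history, so the step should say where the key is read from (a secrets store or a file with restrictive permissions) rather than pasting it on the command line. The same gap applies to "We need to automate this in a cookbook": the doc should note how the cookbook will receive the key without committing it to the repository. Finally, the steps stop at `acme.sh --issue ...` and say nothing about renewal or where the issued certificates for kosmos.org, xmpp.kosmos.org and chat.kosmos.org end up. A sentence on each would make this usable as a runbook.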