diff --git a/docs/PLUGIN.md b/docs/PLUGIN.md new file mode 100644 index 0000000..d000097 --- /dev/null +++ b/docs/PLUGIN.md 
@@ -0,0 +1,26 @@ +# Plugin install URL's + +Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/ +and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases. +These can be installed by adding them on the +[http://127.0.0.1:7657/configplugins](http://127.0.0.1:7657/configplugins). + +After installing the plugin, you should immediately edit the `$PLUGIN/signer` +file in order to set your `--signer` email, which is used to name your keys. +You can find the `$PLUGIN` directory in your I2P config directory, which is +usually `$HOME/.i2p` on Unixes. + +This will allow the developers to contact you if your reseed has issues +and will authenticate your reseed to the I2P routers that use it. + +- darwin/amd64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3) +- darwin/arm64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3) +- linux/386: [http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3) +- linux/amd64: [http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3) +- linux/arm: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3) +- linux/arm64: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3) +- openbsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3) +- freebsd/386: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3) +- freebsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3) +- windows/amd64: 
[http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3) +- windows/386: [http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3) diff --git a/docs/TLS.md b/docs/TLS.md new file mode 100644 index 0000000..618b725 --- /dev/null +++ b/docs/TLS.md 
@@ -0,0 +1,50 @@ +TLS Configuration for your Reseed Server +======================================== + +By default, `reseed-tools` will generate self-signed certificates for your reseed service. +This is so that it can use TLS by default, and so that it can offer self-signed certificates when operating in `.onion` mode. +It is also possible to configure `reseed-tools` without TLS certificates, +or to configure it to use ACME in order to automtically obtain a certificate from Let's Encrypt. + +I2P does not rely on TLS Certificate Authorities to authenticate reseed servers. +Instead, the certificates are effectively "Pinned" in the software, after manual review by the I2P developers and the community. +It is acceptable to use self-signed certificates in this fashion because they are not summarily trusted. +A self-signed certificate which is not configured in the I2P software will not work when serving a reseed to an I2P router. + +Disable TLS +----------- + +If you do this, it is highly recommended that you use a reverse proxy such as `Apache2` or `nginx` to provide a TLS connection to clients. +Alternatively, you could run `reseed-tools` as an `.onion` service and rely on Tor for encryption and authentication. + +You can disable automatic TLS configuration with the `--trustProxy` flag like this: + +```sh + +./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --trustProxy +``` + +Setup Self-Signed TLS non-interactively +--------------------------------------- + +If you don't want to interactively configure TLS but still want to use self-signed certificates, you can pass the `--yes` flag, which will use the defaults for all config values. + +```sh + +./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --yes +``` + +Use ACME to acquire TLS certificate +----------------------------------- + +Instead of self-signed certificates, if you want to chain up to a TLS CA, you can. 
+To automate this process using an ACME CA, like Let's Encrypt, you can use the `--acme` flag. +Be sure to change the `--acmeserver` option in order to use a **production** ACME server, as +the software defaults to a **staging** ACME server for testing purposes. + +This functionality is new and may have issues. Please file bug reports at (i2pgit)[https://i2pgit.org/idk/reseed-tools) or [github](https://github.com/eyedeekay/reseed-tools). + +```sh + +./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --acme --acmeserver="https://acme-v02.api.letsencrypt.org/directory" +```
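Review bot: In docs/PLUGIN.md, the install sentence "These can be installed by adding them on the [http://127.0.0.1:7657/configplugins]" is missing its noun and never says what the reader adds there. Suggest something like "by pasting one of the URLs below into the plugin install form on the router console's [configplugins](http://127.0.0.1:7657/configplugins) page". The paragraph about editing `$PLUGIN/signer` says to do it "immediately" because the value names the keys, but it does not say whether the plugin has to be restarted for the change to apply, or what to do with keys that were created before the edit. One sentence covering that would help. The sentence "This will allow the developers to contact you" should also follow the `--signer` sentence directly so "This" has a clear referent. In the heading, "URL's" should be "URLs". The intro mentions the GitHub mirror, but the list links only the `idk.i2p` copies, so it is worth saying that the per-platform links work only from inside I2P.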
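Review bot: In docs/TLS.md, the bug-report link in the ACME section has its brackets reversed, `(i2pgit)[https://i2pgit.org/idk/reseed-tools)`, so it will render as literal text; it should be `[i2pgit](https://i2pgit.org/idk/reseed-tools)`. In the intro, "automtically" should be "automatically". The "Disable TLS" section opens with "If you do this" before the reader has been told what "this" is. Suggest moving the `--trustProxy` sentence and its example to the top of the section, then following with the reverse proxy and `.onion` recommendations. Since that section describes running without TLS behind `Apache2` or `nginx`, it should also say that the reseed listener ought to be reachable only from the proxy, and which address or port the proxy should forward to. Each of the three `sh` fences starts with an empty added line before the command, which can be dropped.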