diff --git a/middleware/tls/README.md b/middleware/tls/README.md
index 6070257d3..bb7494eb8 100644
--- a/middleware/tls/README.md
+++ b/middleware/tls/README.md
@@ -1,13 +1,31 @@
 # tls
 
-*tls* extra TLS configuration.
+*tls* allows you to configure the server certificates for the TLS and gRPC servers.
+For other types of servers it is ignored.
 
 ## Syntax
 
 ~~~ txt
-tls [STUFF]
+tls CERT KEY CA
 ~~~
 
-**STUFF** is things you'll need to configure TLS.
-
 ## Examples
+
+Start a DNS-over-TLS server.
+
+~~~
+tls://.:4453 {
+	tls cert.pem key.pem ca.pem
+	proxy . /etc/resolv.conf
+}
+~~~
+
+Start a DNS-over-gRPC server. If the `tls` directive were omitted, then
+it would use plain HTTP not HTTPS.
+
+~~~
+grpc://.:443 {
+	tls cert.pem key.pem ca.pem
+	proxy . /etc/resolv.conf
+}
+~~~