diff --git a/readme.md b/readme.md
index 1e6e78c..e963dcb 100644
--- a/readme.md
+++ b/readme.md
@@ -107,7 +107,21 @@ Which defaults to ```cert/domain.tld/fullchain.pem``` and ```cert/domain.tld/pri
 
 An example certificate folder structure could look like this:
 
-TODO
+``` zsh
+certs
+├── conference.domain.tld
+│   ├── fullchain.pem
+│   └── privkey.pem
+├── proxy.domain.tld
+│   ├── fullchain.pem
+│   └── privkey.pem
+├── upload.domain.tld
+│   ├── fullchain.pem
+│   └── privkey.pem
+└── domain.tld
+    ├── fullchain.pem
+    └── privkey.pem
+```
 
 Thats how Let's encrypt certbot does it out of the box.
 
@@ -155,17 +169,17 @@ Inspect logs: ```docker-compose logs -f```.
 
 #### Environment variables
 
-| Variable | Description | Type | Default value |
-| -------- | ----------- | ---- | ------------- |
-| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true
-| **DOMAIN** | domain | **required** | null
-| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN**
-| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN**
-| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN**
-| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info
-| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true
-| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true
-| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true
+| Variable                   | Description                                                                                             | Type         | Default value         |
+| -------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | --------------------- |
+| **ALLOW_REGISTRATION**     | Whether to allow registration of new accounts via Jabber clients                                        | *optional*   | true                  |
+| **DOMAIN**                 | domain                                                                                                  | **required** | null                  |
+| **DOMAIN_HTTP_UPLOAD**     | Domain which lets clients upload files over HTTP                                                        | *optional*   | upload.**DOMAIN**     |
+| **DOMAIN_MUC**             | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional*   | conference.**DOMAIN** |
+| **DOMAIN_PROXY**           | Domain for SOCKS5 bytestream proxy for server-proxied file transfers                                    | *optional*   | proxy.**DOMAIN**      |
+| **LOG_LEVEL**              | Min log level. Change to debug for more information                                                     | *optional*   | info                  |
+| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not                                | *optional*   | true                  |
+| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not                                | *optional*   | true                  |
+| **S2S_SECURE_AUTH**        | Require encryption and certificate authentication                                                       | *optional*   | true                  |
 
 #### DNS