diff --git a/src/mailsrv/docs/Deploy.md b/src/mailsrv/docs/Deploy.md index 1c2cf54..f72b0e5 100644 --- a/src/mailsrv/docs/Deploy.md +++ b/src/mailsrv/docs/Deploy.md @@ -3,25 +3,41 @@ ## create dirs ``` -mkdir -p /srv/volumes/mailserver/{db,mail,ssl} -chown -R 5000:5000 /srv/volumes/mailserver -chmod go-rwx /srv/volumes/mailserver/ssl +sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl} +sudo chown -R 5000:5000 /srv/vol/mailsrv +sudo chmod go-rwx /srv/vol/mailsrv/ssl ``` put your `users` and `aliases.d` in the `db` directory. Mail will go in the `mail` directory. +``` +sudo -i +cd /srv/vol/mailsrv/db +mkdir aliases.d +``` + +create aliases as needed + +``` +vi /srv/vol/mailsrv/db/users +``` + +format is like a passwd file with user:passwd (no spaces between) + +make sure that all files are owned by 5000:5000 + ## make sure mail ports are open -add the following directives to the `myfirewall` chain in `/etc/nftables`: +add the following directives to the `myfirewall` chain in `/etc/nftables.conf`: ``` # accept incoming SMTP(s) connections - tcp dport {25, 465, 587} accept + tcp dport {25, 587} accept # accept incoming IMAP(s) connections tcp dport {143, 993} accept ``` then make sure configuration has taken place by running: ``` -nft -f /etc/nftables +nft -f /etc/nftables.conf ``` ## set up domain name 
@@ -33,18 +49,26 @@ ping ${dnsname:?} ## get SSL certificates from letsencrypt -install certbot: +install acme.sh + ``` -apt install certbot +apt install socat +git clone https://github.com/acmesh-official/acme.sh.git +cd acme.sh +./acme.sh --install --home /usr/local/lib/acme-sh \ + --config-home /etc/acme-sh \ + --accountemail letsencrypt@mail.alemor.org ``` -if you are using a firewall, you need to figure out how to define a temporary rule allowing http access. For nftables, the rule would be `nft insert rule inet myfilter myfirewall tcp dport 80 accept`. +Then exit and relogin to refresh the bash hash -Get a certificate for your domain by running: ``` -certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf" --deploy-hook "rsync -vaSHL /etc/letsencrypt/live/${domain:?}/ /srv/volumes/mailsrv/ssl/; chown -R 5000:5000 /srv/volumes/mailsrv/ssl" -d ${domain:?} +acme.sh --issue --alpn --pre-hook 'systemctl stop haproxy' \ + --post-hook 'systemctl start haproxy' -d mailtest.alemor.org +acme.sh --install-cert -d mailtest.alemor.org \ + --fullchain-file /srv/vol/mailsrv/ssl/fullchain.pem \ + --key-file /srv/vol/mailsrv/ssl/key.pem ``` -the application may ask you a few questions. Answer them as you would like. Including the appropriate hooks in the issue command should ensure that those hooks are also included in subsequent renew commands. ## make users and aliases
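Review bot: in the first hunk (`## create dirs` through `## make sure mail ports are open`), the `users` file in `/srv/vol/mailsrv/db` holds credentials (`user:passwd`, "like a passwd file"), yet the only `chmod go-rwx` is applied to `ssl`; the `db` directory should get the same restriction, e.g. `sudo chmod go-rwx /srv/vol/mailsrv/db`, and the text should say whether `passwd` is a plaintext password or a hash. The `sudo -i` / `mkdir aliases.d` and `vi /srv/vol/mailsrv/db/users` steps run as root after the `chown -R 5000:5000`, so the files they create are root-owned; "make sure that all files are owned by 5000:5000" is better replaced by an explicit `sudo chown -R 5000:5000 /srv/vol/mailsrv/db` at the end of the section. The firewall rule also drops 465 (`tcp dport {25, 587} accept`) while the comment above it still reads "accept incoming SMTP(s) connections"; either state that implicit-TLS submission on 465 is intentionally not offered or update the comment so the two agree.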
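Review bot: in the second hunk (`## get SSL certificates from letsencrypt`), the removed certbot `--deploy-hook` ended with `chown -R 5000:5000 /srv/volumes/mailsrv/ssl`, but the new `acme.sh --install-cert` call writes `fullchain.pem` and `key.pem` into `/srv/vol/mailsrv/ssl` with no ownership fix, so the files (and every renewal's replacements) are created by root and the uid-5000 service may be unable to read the key; add `--reloadcmd 'chown -R 5000:5000 /srv/vol/mailsrv/ssl'` (acme.sh stores the reload command and re-runs it on renewal) or an explicit `sudo chown` step. The hunk also replaces `${domain:?}` with the hardcoded `mailtest.alemor.org` and a fixed `--accountemail`, which turns a reusable procedure into one specific to a test host; keep the variable. Because `--alpn` validation needs 443 reachable and the hunk removes the sentence about temporarily opening a firewall port, the doc should say that 443 must be allowed in `/etc/nftables.conf` (the rules in the previous section only open 25, 587, 143 and 993), and `--pre-hook 'systemctl stop haproxy'` means every renewal takes down whatever haproxy fronts for the duration of the validation, which deserves a sentence. The deleted line about hooks carrying over into subsequent renewals still holds for acme.sh and should stay.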