diff --git a/doc/installation/dependencies.md b/doc/installation/dependencies.md index 4fc974666746340d952681186ff1cd7498843322..b1d94c4ee02d0ea562d34254ddb98f02ca332679 100644 --- a/doc/installation/dependencies.md +++ b/doc/installation/dependencies.md @@ -4,7 +4,6 @@ Items and information needed: - GKE cluster >= 1.8.5 (via `gcloud`) - [kubectl][] latest version (part of `gcloud`) - [helm][] latest version -- SSL certificates - Secrets for Certificates, Registry, Redis - A regional static IP in Google Cloud, with an A record in DNS diff --git a/doc/installation/deployment.md b/doc/installation/deployment.md index c9efa2679884c90b5211383b465c18dea810a72c..3b3722f637ba9819429312d44e37d2b86570469f 100644 --- a/doc/installation/deployment.md +++ b/doc/installation/deployment.md @@ -1,3 +1,13 @@ +# Deployment + +## Deploy Let's Encrypt + +> *Note:* Skip this step if you are using [Wildcard certificates](secrets.md#wildcard-certificates) + +Follow the steps in the [kube-lego documentation](../kube-lego/README.md) to deploy the Kubernetes Let's Encrypt Chart. + +## Deploy GitLab + To deploy, we'll run `helm install` with our configuration file, from the root of this repository: diff --git a/doc/installation/secrets.md b/doc/installation/secrets.md index 4a2b079b911658f10b671dd6455a0c4ccf497e9c..f3938e685fd8e27755b9cfde70ebdcc13e639ea6 100644 --- a/doc/installation/secrets.md +++ b/doc/installation/secrets.md @@ -8,6 +8,14 @@ For a functional deployment, different types of secrets are needed: ## Certificates +### GitLab certificates + +#### Lets Encrypt + +If you are going to make use of Let's Encrypt certificates via [kube-lego](../kube-lego/README.md), then you can skip over [Wildcard certificates](#wildcard-certificates) and move to [Registry certificates](#registry-certificates) + +#### Wildcard certificates + We advise that wildcard certificates are obtained to prevent the need to generate and maintain multiple sets of TLS certificates. 
@@ -16,17 +24,6 @@ certificates. Ensure that the `.crt` file used is a properly structured full-cha certificate. Not using the full-chain certificate will result in a broken chain causing the certificate to not be trusted by many clients. -> Note: GitLab Inc. employees have access to certificates generated specifically for -development in this project. They are located in the `Cloud Native` -vault in `1Password`. Only the `*chained.crt` certificate should be used. - -### GitLab certificates - -#### Lets Encrypt - -If you are going to make use of Let's Encrypt certificates via [kube-lego](../kube-lego/README.md), then you can skip over [Wildcard certificates](#wildcard-certificates) and move to [Registry certificates](#registry-certificates) - -#### Wildcard certificates Add the TLS wildcard certificate to cluster secrets with: ```
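Review bot: In doc/installation/dependencies.md, removing `- SSL certificates` drops a prerequisite that still applies on the wildcard path. secrets.md keeps its "Wildcard certificates" section, and deployment.md tells those users to skip the kube-lego step, so they still need to bring their own certificate. Consider keeping the item in conditional form, for example `- SSL certificates (wildcard, only if not using Let's Encrypt)`, so the list covers both paths.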
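Review bot: In the new "Deploy Let's Encrypt" section of doc/installation/deployment.md, the step is placed ahead of "Deploy GitLab", but the text never says whether that order is required or how a reader can tell the step is complete before running `helm install`. One sentence stating the ordering would help. The note line `> *Note:* Skip this step if you are using [Wildcard certificates](secrets.md#wildcard-certificates)` also lacks a closing period.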
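Review bot: In the first hunk of doc/installation/secrets.md, the added heading `#### Lets Encrypt` is missing its apostrophe, while the paragraph below it and deployment.md both write "Let's Encrypt". Suggest `#### Let's Encrypt`. The sentence ending in `move to [Registry certificates](#registry-certificates)` also needs a closing period.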
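Review bot: The second hunk of doc/installation/secrets.md deletes the `> Note:` about development certificates in the `Cloud Native` vault in addition to moving the headings, and none of the added lines replace it. If the removal is intended, call it out in the change description. If it is not, keep the note under "Wildcard certificates", since its `Only the *chained.crt certificate should be used` guidance reinforces the full-chain requirement stated in the context lines just above.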