diff --git a/docs/first_steps.md b/docs/first_steps.md
index 9cdd53f7..53d29714 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -33,17 +33,19 @@ certbot certonly \
         --agree-tos
 ```
 
-3. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
+4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
 ```
 mv data/assets/ssl/cert.{pem,pem.backup}
 mv data/assets/ssl/key.{pem,pem.backup}
 ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
 ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem
 ```
-4. Restart containers which use the certificate:
+
+5. Restart affected containers:
 ```
 docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow
 ```
+
 When renewing certificates, run the last two steps (link + restart) as post-hook in a script.
 
 # Rspamd Web UI
@@ -70,7 +72,7 @@ Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
 You don't need to change the Nginx site that comes with mailcow: dockerized.
 mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
 
-Make sure you change HTTP_BIND and HTTPS_BIND to a local address and set the ports accordingly, for example:
+Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
 ```
 HTTP_BIND=127.0.0.1
 HTTP_PORT=8080
@@ -78,6 +80,8 @@ HTTPS_PORT=127.0.0.1
 HTTPS_PORT=8443
 ```
 
+Recreate affected containers by running `docker-compose up -d`.
+
 Configure your local webserver as reverse proxy:
 
 **Apache 2.4**