diff --git a/_posts/2015-02-24-znc160-ssl.md b/_posts/2015-02-24-znc160-ssl.md
index ce4aab3..b45ad2f 100644
--- a/_posts/2015-02-24-znc160-ssl.md
+++ b/_posts/2015-02-24-znc160-ssl.md
@@ -1,4 +1,4 @@
----
+--
 layout: post
 comments: true
 title: "ZNC 1.6.0 & SSL certificate verification"
@@ -97,8 +97,12 @@ network.
 
 1. You don't have `ca-certificates` package installed, so your system
    trusts no certificate authority. Install it and try again.
-2. You are connecting to wrong address. freenode's certificate is vaid for
-   \*.freenode.net, but some other domains are CNAMEs to it and get
+2. You are connecting to wrong address. freenode's certificate is valid for
+   \*.freenode.net, but there are CNAMEs pointing there. If you connect to
+   CNAME and the certificate isn't valid for that CNAME, the certificate
+   is invalid.
+    * You should always connect to either `irc.freenode.net` or
+      `chat.freenode.net` where it points to.
 3. There is MITM which is unlikely, but unlikely is not impossible.
    Validating the certificates either by trusted certificates or verifying
    the fingerprints securely manually protect you from this. If MITM is the