diff --git a/website/source/docs/agent/encryption.html.markdown b/website/source/docs/agent/encryption.html.markdown
index 7b978dd9f0..3da1db8b0c 100644
--- a/website/source/docs/agent/encryption.html.markdown
+++ b/website/source/docs/agent/encryption.html.markdown
@@ -67,8 +67,8 @@ to verify the authenticity of the servers or verify the authenticity of clients.
 controlled by the `verify_incoming` and `verify_outgoing` [options](/docs/agent/options.html), respectively.
 
 If `verify_outgoing` is set, agents verify the authenticity of Consul for outgoing
-connections. Server nodes must present a certificate signed by the `ca_file` setting that must
-be present all agents. All server nodes must have an appropriate key pair set using `cert_file` and `key_file`.
+connections. Server nodes must present a certificate signed by the `ca_file` setting that in turn must
+be present on all agents. All server nodes must have an appropriate key pair set using `cert_file` and `key_file`.
 
 If `verify_incoming` is set, then the servers verify the authenticity of all incoming
 connections. Servers will also disallow any non-TLS connections. All clients must have