diff --git a/README.md b/README.md
index 625e1338ae209b8f86f6ecea28dd42e0e07d0e0a..bcf084547e933657f05596a2f341cf59a393c88d 100644
--- a/README.md
+++ b/README.md
@@ -110,6 +110,7 @@ Exception to this: the `http_logfile` option **ONLY** writes to local files.
 - `cookie_secret`: string. Authentication key for the session cookie. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/cookie_secret`.
 - `csrf_secret`: string. Authentication key for CSRF protection. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/csrf_secret`.
 - `http_logfile`: string. Path to the HTTP request log. Logs are written in the [Common Log Format](https://en.wikipedia.org/wiki/Common_Log_Format). The only valid destination for logs is a local file path.
+- `require_reason`: bool. Require the client to provide a reason when requesting a certificate. Defaults to `false`.
 - `database`: See below.
 
 ### database
diff --git a/example-server.conf b/example-server.conf
index fe8be00766a43cd24ea4af15ecb2cbe8ff96f231..477ae15c18ed68a36a4c57fcf8d8754fd9aed7e1 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -9,6 +9,7 @@ server {
   cookie_secret = "supersecret"  # Authentication key for the client cookie
   csrf_secret = "supersecret"  # Authentication key for the CSRF token
   http_logfile = "http.log"  # Logfile for HTTP requests
+  require_reason = false # Optional. Request a reason for the certificate from the client
   database {
     type = "mysql"
     dbname = "cashier_production"