diff --git a/website/source/docs/secrets/pki/index.html.md b/website/source/docs/secrets/pki/index.html.md
index 7f873a412d..62e0ef184b 100644
--- a/website/source/docs/secrets/pki/index.html.md
+++ b/website/source/docs/secrets/pki/index.html.md
@@ -66,8 +66,8 @@ This also provides a convenient method of switching to a new CA certificate
 while keeping CRLs valid from the old CA certificate; simply mount a new
 backend and issue from there.
 
-A common pattern is to have one mount act as your root CA, which is only
-used for signing intermediate CA CSRs mounted at other locations.
+A common pattern is to have one mount act as your root CA and to use this CA
+only to sign intermediate CA CSRs from other PKI mounts.
 
 ### Keep certificate lifetimes short, for CRL's sake