diff --git a/docs/tutorials/acme/dns-validation.rst b/docs/tutorials/acme/dns-validation.rst
index a65672bdb..f2a8f8e0f 100644
--- a/docs/tutorials/acme/dns-validation.rst
+++ b/docs/tutorials/acme/dns-validation.rst
@@ -95,7 +95,7 @@ Once we have created the above Issuer we can use it to obtain a certificate.
      secretName: example-com-tls
      issuerRef:
        name: letsencrypt-staging
-     commonName: *.example.com
+     commonName: '*.example.com'
      dnsNames:
      - example.com
      - foo.com
@@ -104,7 +104,7 @@ Once we have created the above Issuer we can use it to obtain a certificate.
        - dns01:
            provider: prod-dns
          domains:
-         - *.example.com
+         - '*.example.com'
          - example.com
        - dns01:
            provider: cf-dns
@@ -113,7 +113,8 @@ Once we have created the above Issuer we can use it to obtain a certificate.
 
 The Certificate resource describes our desired certificate and the possible
 methods that can be used to obtain it.
-You can obtain certificates for wildcard domains just like any other.
+You can obtain certificates for wildcard domains just like any other. Make sure to
+wrap wildcard domains with asterisks in your YAML resources, to avoid formatting issues.
 If you specify both ``example.com`` and ``*.example.com`` on the same Certificate,
 it will take slightly longer to perform validation as each domain will have to be
 validated one after the other.