diff --git a/README.md b/README.md
index fafbca4..c0199e0 100644
--- a/README.md
+++ b/README.md
@@ -79,3 +79,12 @@ script in the following  Linux distributions:
 > ``/usr/local/share/ca-certificates/``, otherwise one of these
 > https://golang.org/src/crypto/x509/root_linux.go
 
+### Drawbacks
+
+- [operational] it requires self-signed CA certs shared when running multiple
+Minio servers;
+- [operational] every X years it requires updating the CA certificate in the
+Traefik's (or any other reverse proxy) container;
+- [security] the CA key will have to be spread all over the environment.
+Theoretically, this could be solved by HashiCorp's Vault, but that won't be
+nice & small way of running things;