diff --git a/app/functions.sh b/app/functions.sh index 56f03f01..de94a5c1 100644 --- a/app/functions.sh +++ b/app/functions.sh @@ -236,6 +236,14 @@ function docker_api { else scheme="http://${DOCKER_HOST#*://}" fi + + if [[ -v DOCKER_TLS_VERIFY && -v DOCKER_CERT_PATH && ! -z "$DOCKER_TLS_VERIFY" ]]; then + curl_opts+=(--cert ${DOCKER_CERT_PATH}/cert.pem) + curl_opts+=(--key ${DOCKER_CERT_PATH}/key.pem) + curl_opts+=(--cacert ${DOCKER_CERT_PATH}/ca.pem) + scheme="https://${DOCKER_HOST#*://}" + fi + [[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json') curl "${curl_opts[@]}" -X "${method}" "${scheme}$1" } diff --git a/docs/Container-configuration.md b/docs/Container-configuration.md index dba47e59..74e3a735 100644 --- a/docs/Container-configuration.md +++ b/docs/Container-configuration.md 
@@ -32,4 +32,12 @@ You can also create test certificates per container (see [Test certificates](./L * `ACME_PRE_HOOK` - The provided command will be run before every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_PRE_HOOK=echo 'start'"`. For more information see [Pre- and Post-Hook](./Hooks.md) -* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md) \ No newline at end of file +* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md) + +## Optional docker host configuration +* `DOCKER_HOST` - set the host for docker. Must include the scheme (`unix://`, `http://` or `https://`) + +If the docker host daemon socket is [protected](https://docs.docker.com/engine/security/https/): + +* `DOCKER_TLS_VERIFY` - set it to value `1` if the docker host requires client TLS authentication +* `DOCKER_CERT_PATH` - path to TLS client certificates for the docker host. This folder should contain `cert.pem`, `key.pem` and `ca.pem` files. See [Create a CA, server and client keys with OpenSSL](https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl) \ No newline at end of file
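Review bot: In the `app/functions.sh` hunk, the three new `curl_opts+=(--cert ${DOCKER_CERT_PATH}/cert.pem)` style lines leave `${DOCKER_CERT_PATH}` unquoted, so a certificate directory containing whitespace or glob characters is word-split into several arguments; quote them as `curl_opts+=(--cert "${DOCKER_CERT_PATH}/cert.pem")` and likewise for `key.pem` and `ca.pem`. Two smaller points on the same block: the new `if` sits after the `fi` that closes the existing `if`/`else`, so it overrides `scheme` with `https://` whichever branch ran, including the non-`else` case this hunk does not show, which is worth a look or a scheme check; and `-v DOCKER_TLS_VERIFY && ... ! -z "$DOCKER_TLS_VERIFY"` can be written as the single test `-n "$DOCKER_TLS_VERIFY"` (note that `-v` needs bash 4.2 or newer, which the image should guarantee). A readable failure when one of the three `.pem` files is missing, rather than curl's own error, would also help operators debugging this path.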
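Review bot: The new `DOCKER_HOST` entry in `docs/Container-configuration.md` says the value "Must include the scheme (`unix://`, `http://` or `https://`)", but the `app/functions.sh` hunk strips whatever scheme is given (`${DOCKER_HOST#*://}`) and re-adds `http://` unless `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH` are both set; a reader who supplies `https://` without the TLS variables will get plain-HTTP requests. Either state that `https://` only takes effect together with `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH`, or make the code honor the supplied scheme. Similarly, the `DOCKER_TLS_VERIFY` bullet says to "set it to value `1`", while the code only tests that the variable is non-empty; "set it to a non-empty value such as `1`" would match the behaviour.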