diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 2e8370a5a8..6ec893ac1f 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -13,8 +13,9 @@
 #
 #  dh-params.pem - the DH params configuration file
 #
-# If the directory does not exist or contain the necessary files, QEMU
-# domains will fail to start if they are configured to use TLS.
+# If the directory does not exist, libvirtd will fail to start. If the
+# directory doesn't contain the necessary files, QEMU domains will fail
+# to start if they are configured to use TLS.
 #
 # In order to overwrite the default path alter the following. This path
 # definition will be used as the default path for other *_tls_x509_cert_dir
@@ -87,8 +88,9 @@
 
 # In order to override the default TLS certificate location for
 # vnc certificates, supply a valid path to the certificate directory.
-# If the provided path does not exist then the default_tls_x509_cert_dir
-# path will be used.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but vnc_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
 #
 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
 
@@ -172,8 +174,9 @@
 
 # In order to override the default TLS certificate location for
 # spice certificates, supply a valid path to the certificate directory.
-# If the provided path does not exist then the default_tls_x509_cert_dir
-# path will be used.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but spice_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
 #
 #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
 
@@ -224,8 +227,9 @@
 
 # In order to override the default TLS certificate location for character
 # device TCP certificates, supply a valid path to the certificate directory.
-# If the provided path does not exist then the default_tls_x509_cert_dir
-# path will be used.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but chardev_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
 #
 #chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
 
@@ -276,8 +280,9 @@
 # This is used to authenticate the VxHS block device clients to the VxHS
 # server.
 #
-# If the provided path does not exist then the default_tls_x509_cert_dir
-# path will be used.
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but vxhs_tls = 1, then the
+# default_tls_x509_cert_dir path will be used.
 #
 # VxHS block device clients expect the client certificate and key to be
 # present in the certificate directory along with the CA master certificate.
@@ -294,7 +299,8 @@
 
 # In order to override the default TLS certificate location for migration
 # certificates, supply a valid path to the certificate directory. If the
-# provided path does not exist then the default_tls_x509_cert_dir path
+# provided path does not exist, libvirtd will fail to start. If the path is
+# not provided, but migrate_tls = 1, then the default_tls_x509_cert_dir path
 # will be used. Once/if a default certificate is enabled/defined, migration
 # will then be able to use the certificate via migration API flags.
 #