diff --git a/step-ca/certificate-authority-server-production.mdx b/step-ca/certificate-authority-server-production.mdx
index 73ce318c..029d8ddb 100644
--- a/step-ca/certificate-authority-server-production.mdx
+++ b/step-ca/certificate-authority-server-production.mdx
@@ -550,7 +550,7 @@ There's a few things you should know before you deploy this setup:
   See below for an example.
 - Certificate renewal via `step ca renew` uses mutual TLS authentication by default.
   Mutual TLS is incompatible with application-layer reverse proxying.
-  When proxying traffic, pass `--mtls false` to `step ca renew`
+  When proxying traffic, pass `--mtls=false` to `step ca renew`
   (or set `STEP_MTLS` to `false`).
   This will trigger an alternative renewal flow that employs authentication tokens.
   (See `step ca renew --help` for more details.)