diff --git a/certbot/cli.py b/certbot/cli.py index 1005f96eb..27a2af3d4 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -1117,9 +1117,10 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis help="Require that all configuration files are owned by the current " "user; only needed if your config is somewhere unsafe like /tmp/") helpful.add( - "security", "--dangerously-disable-server-tls-updates", action="store_true", - default=flag_default("disable_server_tls_updates"), - dest="disable_server_tls_updates", + "security", "--dangerously-disable-tls-configuration-updates", + action="store_true", + default=flag_default("disable_tls_configuration_updates"), + dest="disable_tls_configuration_updates", help="Disable any updates to your server's TLS configuration" " other than setting the certificate and key to be used when" " Certbot installs a new certificate. Using this flag is" @@ -1187,9 +1188,10 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis "renew", "--disable-renew-updates", action="store_true", default=flag_default("disable_renew_updates"), dest="disable_renew_updates", help="Disable automatic updates to your server configuration that" - " would otherwise be done by the selected installer plugin, and" - " triggered by the \"renew\" verb. This setting does not apply to" - " important TLS configuration updates.") + " would otherwise be done by the selected installer plugin, and triggered" + " when the user executes \"certbot renew\", regardless of if the certificate" + " is renewed. This setting does not apply to important TLS configuration" + " updates.") helpful.add_deprecated_argument("--agree-dev-preview", 0) helpful.add_deprecated_argument("--dialog", 0) diff --git a/certbot/constants.py b/certbot/constants.py index fd3fd5c18..3ce85a6eb 100644 --- a/certbot/constants.py +++ b/certbot/constants.py 
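Review bot: The old spelling `--dangerously-disable-server-tls-updates` and its dest `disable_server_tls_updates` are dropped from this `helpful.add(...)` call with no alias, so a command line or configuration file that still carries the old name will presumably stop being understood. If that name ever shipped in a release, its handling should be an explicit decision: rejecting it loudly is safer than accepting and ignoring it, because an operator who opted out of TLS configuration changes would otherwise have them applied without notice. A comment above the call such as `# Renamed from --dangerously-disable-server-tls-updates; the old name is intentionally not accepted.` would record that decision. prepare_and_parse_args starts and ends outside the hunk.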
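Review bot: In the new `--disable-renew-updates` help text, "regardless of if the certificate is renewed" reads awkwardly; `" when the user executes \"certbot renew\", regardless of whether the certificate"` is clearer. The closing sentence says the setting does not apply to important TLS configuration updates but does not say which option controls those. Naming `--dangerously-disable-tls-configuration-updates` there would let a reader find the related switch without searching the help output.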
@@ -64,7 +64,7 @@ CLI_DEFAULTS = dict( pref_challs=[], validate_hooks=True, directory_hooks=True, - disable_server_tls_updates=False, + disable_tls_configuration_updates=False, disable_renew_updates=False, # Subparsers diff --git a/certbot/interfaces.py b/certbot/interfaces.py index 3e7d1f9d8..608829042 100644 --- a/certbot/interfaces.py +++ b/certbot/interfaces.py @@ -256,7 +256,7 @@ class IConfig(zope.interface.Interface): "user; only needed if your config is somewhere unsafe like /tmp/." "This is a boolean") - disable_server_tls_updates = zope.interface.Attribute( + disable_tls_configuration_updates = zope.interface.Attribute( "If updates to the server's TLS configuration performed by the installer" " should be disabled.") @@ -617,6 +617,10 @@ class GenericUpdater(object): This class allows plugins to perform types of updates that Certbot hasn't defined (yet). + To make use of this interface, the installer should implement the interface + methods, and interfaces.GenericUpdater.register(InstallerClass) should + be called from the installer code. + """ __metaclass__ = abc.ABCMeta @@ -643,6 +647,9 @@ class RenewDeployer(object): This class allows plugins to perform types of updates that need to run at lineage renewal that Certbot hasn't defined (yet). + To make use of this interface, the installer should implement the interface + methods, and interfaces.RenewDeployer.register(InstallerClass) should + be called from the installer code. """ __metaclass__ = abc.ABCMeta @@ -665,7 +672,7 @@ class RenewDeployer(object): """ -class ServerTLSUpdater(object): +class ServerTLSConfigurationUpdater(object): """Interface for updating a server's TLS configuration. An installer that wants to perform TLS configuration updates according to this 
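Review bot: The paragraph added to the GenericUpdater docstring (@@ -617) recommends `interfaces.GenericUpdater.register(InstallerClass)`, but `register()` on an `abc.ABCMeta` class creates a virtual subclass without checking that the abstract methods exist. `_run_updaters` in certbot/updater.py calls `installer.tls_configuration_updates(domain)` and `installer.generic_updates(domain)` on the strength of `isinstance` alone, so a registered installer that lacks the method, or still defines it under the old name `server_tls_updates`, would fail with AttributeError during `certbot renew` rather than at load time. The same wording is added to RenewDeployer (@@ -643) and ServerTLSConfigurationUpdater (@@ -677). Each paragraph should end with a sentence like `register() does not verify that the interface methods are implemented; the installer must define them under the exact names given here.` The mocks in certbot/tests/renewupdater_test.py subclass the interfaces directly, so the register() path appears to be untested.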
@@ -677,15 +684,19 @@ class ServerTLSUpdater(object): existing TLS configuration in any way other than changing the certificates and keys used by the server. + To make use of this interface, the installer should implement the interface + methods, and interfaces.ServerTLSConfigurationUpdater.register(InstallerClass) + should be called from the installer code. + An installer can determine if TLS configuration updates are enabled by checking - :attr:`IConfig.disable_server_tls_updates`. + :attr:`IConfig.disable_tls_configuration_updates`. """ __metaclass__ = abc.ABCMeta @abc.abstractmethod - def server_tls_updates(self, domain, *args, **kwargs): + def tls_configuration_updates(self, domain, *args, **kwargs): """Set the server's TLS config to latest recommended version. If an installer is a subclass of the class containing this method, this diff --git a/certbot/plugins/selection.py b/certbot/plugins/selection.py index aacaba7b5..8b3f92a13 100644 --- a/certbot/plugins/selection.py +++ b/certbot/plugins/selection.py @@ -210,7 +210,7 @@ def choose_configurator_plugins(config, plugins, verb): # pylint: disable=too-m def verify_enhancements_supported(config, installer): """Verify the requested enhancements are supported by the installer. - If the discouraged --dangerously-disable-server-tls-updates flag is + If the discouraged --dangerously-disable-tls-configuration-updates flag is set, we try to verify with the user that this behavior was desired and not set accidentally through a copied command line or configuration file. 
@@ -226,9 +226,9 @@ def verify_enhancements_supported(config, installer): :raises errors.MisconfigurationError: configuration conflict """ - if config.disable_server_tls_updates: - flag = "--dangerously-disable-server-tls-updates" - if isinstance(installer, interfaces.ServerTLSUpdater): + if config.disable_tls_configuration_updates: + flag = "--dangerously-disable-tls-configuration-updates" + if isinstance(installer, interfaces.ServerTLSConfigurationUpdater): verified = z_util(interfaces.IDisplay).yesno( "You have requested Certbot disable TLS updates by" " setting {0} on the command line or in a configuration" diff --git a/certbot/tests/renewupdater_test.py b/certbot/tests/renewupdater_test.py index 3b83fda59..95ab5c378 100644 --- a/certbot/tests/renewupdater_test.py +++ b/certbot/tests/renewupdater_test.py @@ -13,17 +13,17 @@ import certbot.tests.util as test_util class RenewUpdaterTest(unittest.TestCase): - """Tests for interfaces.ServerTLSUpdater and + """Tests for interfaces.ServerTLSConfigurationUpdater and interfaces.GenericUpdater""" def setUp(self): - class MockInstallerTLSUpdater(interfaces.ServerTLSUpdater): - """Mock class that implements ServerTLSUpdater""" + class MockInstallerTLSUpdater(interfaces.ServerTLSConfigurationUpdater): + """Mock class that implements ServerTLSConfigurationUpdater""" def __init__(self, *args, **kwargs): # pylint: disable=unused-argument self.restart = mock.MagicMock() self.callcounter = mock.MagicMock() - def server_tls_updates(self, domain, *args, **kwargs): + def tls_configuration_updates(self, domain, *args, **kwargs): self.callcounter(*args, **kwargs) class MockInstallerGenericUpdater(interfaces.GenericUpdater): 
@@ -57,7 +57,7 @@ class RenewUpdaterTest(unittest.TestCase): @mock.patch('certbot.plugins.selection.z_util') def test_verify_enhancements_tlsupdater(self, mock_z): mock_z().yesno.return_value = False - config = self.get_config({"server_tls_updates": False}) + config = self.get_config({"tls_configuration_updates": False}) self.assertRaises(errors.Error, selection.verify_enhancements_supported, config, self.tls_installer) @@ -65,7 +65,7 @@ class RenewUpdaterTest(unittest.TestCase): mock_z().yesno.return_value = True selection.verify_enhancements_supported(config, self.tls_installer) - # Plugin does not implement ServerTLSUpdater + # Plugin does not implement ServerTLSConfigurationUpdater self.assertRaises(errors.PluginSelectionError, selection.verify_enhancements_supported, config, self.generic_updater) @@ -75,7 +75,7 @@ class RenewUpdaterTest(unittest.TestCase): @mock.patch('certbot.plugins.selection.choose_configurator_plugins') @test_util.patch_get_utility() def test_server_updates(self, _, mock_select, mock_getsave): - config = self.get_config({"disable_server_tls_updates": False, + config = self.get_config({"disable_tls_configuration_updates": False, "disable_renew_updates": False}) lineage = mock.MagicMock() diff --git a/certbot/updater.py b/certbot/updater.py index 449e1547d..c30908a23 100644 --- a/certbot/updater.py +++ b/certbot/updater.py @@ -62,9 +62,9 @@ def _run_updaters(lineage, installer, config): :rtype: None """ for domain in lineage.names(): - if not config.disable_server_tls_updates: - if isinstance(installer, interfaces.ServerTLSUpdater): - installer.server_tls_updates(domain) + if not config.disable_tls_configuration_updates: + if isinstance(installer, interfaces.ServerTLSConfigurationUpdater): + installer.tls_configuration_updates(domain) if not config.disable_renew_updates: if isinstance(installer, interfaces.GenericUpdater): installer.generic_updates(domain)
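Review bot: The config key in `test_verify_enhancements_tlsupdater` (@@ -57) is `"tls_configuration_updates"`, but `verify_enhancements_supported` reads `config.disable_tls_configuration_updates`, so the key set here does not appear to be the attribute under test. The test expects `errors.Error` when the prompt is declined, which requires the disable flag to be true. If `get_config` (not visible in this hunk) returns a mock object, the branch is probably entered only because an unset attribute happens to be truthy. `config = self.get_config({"disable_tls_configuration_updates": True})` would pin the scenario explicitly, so the test keeps guarding the confirmation prompt if the helper changes.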