clarify TLS instructions

INSTALL.md

@@ -358,10 +358,10 @@ For information on using a reverse proxy, see
 [docs/reverse_proxy.rst](docs/reverse_proxy.rst).
 
 To configure Synapse to expose an HTTPS port, you will need to edit
-`homeserver.yaml`.
+`homeserver.yaml`, as follows:
 
-First, under the `listeners` section, uncomment the configuration for the
+* First, under the `listeners` section, uncomment the configuration for the
-TLS-enabled listener. (Remove the hash sign (`#`) and space at the start of
+  TLS-enabled listener. (Remove the hash sign (`#`) at the start of
   each line). The relevant lines are like this:
 
   ```
@@ -371,13 +371,12 @@ each line). The relevant lines are like this:
       resources:
         - names: [client, federation]
   ```
-
+* You will also need to uncomment the `tls_certificate_path` and
-You will also need to uncomment the `tls_certificate_path` and
+  `tls_private_key_path` lines under the `TLS` section. You can either
-`tls_private_key_path` lines under the `TLS` section. You can either point
+  point these settings at an existing certificate and key, or you can
-these settings at an existing certificate and key, or you can enable Synapse's
+  enable Synapse's built-in ACME (Let's Encrypt) support.  Instructions
-built-in ACME (Let's Encrypt) support.  Instructions for having Synapse
+  for having Synapse automatically provision and renew federation 
-automatically provision and renew federation certificates through ACME can be
+  certificates through ACME can be found at [ACME.md](docs/ACME.md).
-found at [ACME.md](docs/ACME.md).
 
 ## Registering a user