diff --git a/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py b/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
index c41d816909f..b24cbfaab9b 100644
--- a/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
+++ b/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
@@ -56,8 +56,8 @@ options:
       variable.
   ssl_ca_cert:
     description:
-    - Path to a CA certificate used to authenticate with the API. Can also be specified via K8S_AUTH_SSL_CA_CERT
-      environment variable.
+    - Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to
+      avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.
   verify_ssl:
     description:
     - "Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL
@@ -68,4 +68,7 @@ notes:
   - "The OpenShift Python client wraps the K8s Python client, providing full access to
     all of the APIS and models available on both platforms. For API version details and
     additional information visit https://github.com/openshift/openshift-restclient-python"
+  - "To avoid SSL certificate validation errors when C(verify_ssl) is I(True), the full
+    certificate chain for the API server must be provided via C(ssl_ca_cert) or in the
+    kubeconfig file."
 '''