Move usage related summary below the configuration related summary

Signed-off-by: Richard Wall <[email protected]>

Author: wallrj

content/docs/README.md

@@ -7,16 +7,17 @@ description: |
 
 cert-manager creates TLS certificates for workloads in your Kubernetes or OpenShift cluster
 and renews the certificates before they expire.
-The private key and certificate are stored in Kubernetes Secrets and used by applications or ingress controllers.
 
-With the [csi-driver](projects/csi-driver.md), [csi-driver-spiffe](projects/csi-driver-spiffe.md), or [istio-csr](projects/istio-csr.md) addons,
-the private key is generated on-demand, before the application starts up;
-the private key never leaves the node and it is not stored a Kubernetes Secret.
-
-cert-manager can obtain certificates from a variety of certificate authorities, including:
+cert-manager can obtain certificates from a [variety of certificate authorities](configuration/issuers.md), including:
 [Let's Encrypt](configuration/acme/README.md), [HashiCorp Vault](configuration/vault.md),
 [Venafi](configuration/venafi.md) and [private PKI](configuration/ca.md).
 
+With cert-manager's [Certificate resource](usage/certificate.md), the private key and certificate are stored in a Kubernetes Secret
+which is mounted by an application Pod or used by an Ingress controller.
+With [csi-driver](usage/csi-driver.md), [csi-driver-spiffe](usage/csi-driver-spiffe.md), or [istio-csr](usage/istio-csr.md) ,
+the private key is generated on-demand, before the application starts up;
+the private key never leaves the node and it is not stored a Kubernetes Secret.
+
 ![High level overview diagram explaining cert-manager architecture](/images/high-level-overview.svg)
 
 This website provides the full technical documentation for the project, and can be