diff --git a/doc/howto/projects_confine.md b/doc/howto/projects_confine.md
index b8069de16b..22645a4472 100644
--- a/doc/howto/projects_confine.md
+++ b/doc/howto/projects_confine.md
@@ -25,7 +25,7 @@ Use the following command to add a restricted client certificate:
 
 ```{group-tab} Add client certificate
 
-    incus config trust add <certificate_file> --projects <project_name> --restricted
+    incus config trust add-certificate <certificate_file> --projects <project_name> --restricted
 ```
 
 ````
diff --git a/doc/metrics.md b/doc/metrics.md
index 734435421e..ba4a771b56 100644
--- a/doc/metrics.md
+++ b/doc/metrics.md
@@ -85,7 +85,7 @@ The command requires OpenSSL version 1.1.0 or later.
 
 Then add this certificate to the list of trusted clients, specifying the type as `metrics`:
 
-    incus config trust add metrics.crt --type=metrics
+    incus config trust add-certificate metrics.crt --type=metrics
 
 If requiring TLS client authentication isn't possible in your environment, the `/1.0/metrics` API endpoint can be made available to unauthenticated clients.
 While not recommended, this might be acceptable if you have other controls in place to restrict who can reach that API endpoint. To disable the authentication on the metrics API: