From 4757573de2c0fd0f5772100b5d64c9ae2ccebfc8 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Tue, 4 Jul 2023 20:09:45 +0200
Subject: [PATCH] [ca] Document instructions for certificate renewal.

---
 ca/README | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ca/README b/ca/README
index 3270c05..ae17dc8 100644
--- a/ca/README
+++ b/ca/README
@@ -57,6 +57,14 @@ browser [7].
 $ openssl pkcs12 -export -inkey <name>.key -in <name>.crt -out <name>.p12
 ```
 
+Renew
+-----
+
+The CRL file expires after 30 days by defualt. Renew it by recreating the files.
+
+1. Create new `crlfile` and `ca.crl`.
+2. Restart the service which uses `ca.crl`.
+
 [1] https://stackoverflow.com/a/71024854
 [2] https://stackoverflow.com/a/41366949
 [3] https://gist.github.com/croxton/ebfb5f3ac143cd86542788f972434c96
-- 
2.39.5