From 026b1c9036175fa6e538c4fb97d46081a695b82e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= <mkonecny@redhat.com>
Date: Mon, 17 Apr 2023 08:49:40 +0200
Subject: [PATCH] Revoke the old certificate instead of deleting it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
---
 fedora_messaging_certificates.md | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/fedora_messaging_certificates.md b/fedora_messaging_certificates.md
index febd556..7f1aa10 100644
--- a/fedora_messaging_certificates.md
+++ b/fedora_messaging_certificates.md
@@ -47,14 +47,11 @@ Source: https://pagure.io/fedora-infrastructure/issue/8638
 
 # Regenerating TLS certificates
 
-* First remove old files
+* First revoke old certificate
 
 In the staging subdir run
 ```
-rm -f pki/reqs/<service_name>.stg.req
-rm -f pki/private/<service_name>.stg.key
-rm -f pki/issued/<service_name>.stg.crt
-rm -f pki/certs_by_serial/<serial_number_of_cert>.pem
+/usr/share/easy-rsa/3/easyrsa revoke <service-name>
 ```
 
 Same for production, but without `.stg` in name and the commands need to be run from production subdir