Add regenerate certificates howto

fedora_messaging_certificates.md

@@ -45,6 +45,28 @@ git push
 
 Source: https://pagure.io/fedora-infrastructure/issue/8638
 
+# Regenerating TLS certificates
+
+* First remove old files
+
+In the staging subdir run
+```
+rm -f pki/reqs/<service_name>.stg.req
+rm -f pki/private/<service_name>.stg.key
+rm -f pki/issued/<service_name>.stg.crt
+rm -f pki/certs_by_serial/<serial_number_of_cert>.pem
+```
+
+Same for production, but without `.stg` in name and the commands need to be run from production subdir
+
+* Remove the cert from `index.txt` and `index.txt.old`
+
+The easiest way around this is to simply to a ``git grep <name of your cert>``.
+It should tell you that the name can be found in ``index.txt`` (and potentially
+``index.txt.old`` if another certificate was generated since the first attempt
+and yours).
+
+* Follow the `How to create TLS certificates for fedora-messaging` section in this How-To
 
 ## Debugging