From db2d87e59cfb631d6a44edb5923bba5e4a463e30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= <mkonecny@redhat.com>
Date: Fri, 14 Apr 2023 09:08:12 +0000
Subject: [PATCH] Add regenerate certificates howto

---
 fedora_messaging_certificates.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/fedora_messaging_certificates.md b/fedora_messaging_certificates.md
index 4e09be5..febd556 100644
--- a/fedora_messaging_certificates.md
+++ b/fedora_messaging_certificates.md
@@ -45,6 +45,28 @@ git push
 
 Source: https://pagure.io/fedora-infrastructure/issue/8638
 
+# Regenerating TLS certificates
+
+* First remove old files
+
+In the staging subdir run
+```
+rm -f pki/reqs/<service_name>.stg.req
+rm -f pki/private/<service_name>.stg.key
+rm -f pki/issued/<service_name>.stg.crt
+rm -f pki/certs_by_serial/<serial_number_of_cert>.pem
+```
+
+Same for production, but without `.stg` in name and the commands need to be run from production subdir
+
+* Remove the cert from `index.txt` and `index.txt.old`
+
+The easiest way around this is to simply to a ``git grep <name of your cert>``.
+It should tell you that the name can be found in ``index.txt`` (and potentially
+``index.txt.old`` if another certificate was generated since the first attempt
+and yours).
+
+* Follow the `How to create TLS certificates for fedora-messaging` section in this How-To
 
 ## Debugging