Add guide how to renew a SSL certificate for fedora service

This renames making-ssl-certificates to ssl-certificates.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>

modules/sysadmin_guide/pages/index.adoc

@@ -177,7 +177,7 @@ xref:developer_guide:sops.adoc[Developing Standard Operating Procedures].
 * xref:simple_koji_ci.adoc[simple_koji_ci]
 * xref:sshaccess.adoc[SSH Access Infrastructure]
 * xref:sshknownhosts.adoc[SSH known hosts Infrastructure]
-* xref:making-ssl-certificates.adoc[SSL Certificate Creation]
+* xref:ssl-certificates.adoc[SSL Certificates]
 * xref:staging.adoc[Staging]
 * xref:tag2distrepo.adoc[Tag2DistRepo Infrastructure]
 * xref:hotness.adoc[The New Hotness]

modules/sysadmin_guide/pages/ssl-certificates.adoc

@@ -1,6 +1,6 @@
-= SSL Certificate Creation SOP
+= SSL Certificates SOP
 
-Every now and then you will need to create an SSL certificate for a
+Every now and then you will need to work with SSL certificate for a
 Fedora Service.
 
 == Creating a CSR for a new server
@@ -51,3 +51,26 @@ Getting Private key
 
 We only want a self-signed certificate to be good for a short time so 30
 days sounds good.
+
+== Renew a SSL certificate
+
+To renew SSL certificate for existing service you can run ansible playbook from batcave:
+
+....
+ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t <name_of_service>
+....
+
+For example
+....
+ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org
+....
+
+This will renew the certificates for the service and deploy them on proxies. If some proxies
+fail during the run, just run the playbook again with limiting it only to proxy that failed.
+For example if the previous example failed on `proxy01` you can run the playbook again like this:
+
+....
+ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org -l proxy01\*
+....
+
+This will run the playbook only for `proxy01`.