diff --git a/modules/sysadmin_guide/pages/fedmsg-certs.adoc b/modules/sysadmin_guide/pages/fedmsg-certs.adoc index 05b7a6b..d54f7cb 100644 --- a/modules/sysadmin_guide/pages/fedmsg-certs.adoc +++ b/modules/sysadmin_guide/pages/fedmsg-certs.adoc @@ -176,3 +176,24 @@ panic. :) At the time of this writing, the CRL is not actually used. I need one publicly available first so we can test it out. ==== + +== Regenerating the CRL + +When the CRL has expired, it needs to be re-generated and re-published. + +In the private repo: + +.... +$ cd files/fedmsg-certs +$ source ./vars +$ ./regen-crl +$ git commit -a -s -m "Regenerate the fedmsg CRL" +$ git push +.... + +Then run the proxies playbook including only the `fedmsg/crl` tag to publish +the updated CRL: + +.... +$ rbac-playbook playbooks/groups/proxies.yml -t fedmsg/crl +....
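Review bot: The new "Regenerating the CRL" section is added directly after the existing note that says "At the time of this writing, the CRL is not actually used", so the page now tells the reader both that the CRL is unused and that it must be re-generated when it expires; update or drop that note in the same change so the two agree. The section also gives no way to tell that the CRL has expired, and no check after the `-t fedmsg/crl` playbook run that the published copy is the new one; a step that inspects the CRL's validity dates before regenerating and again after publishing would close that gap. Separately, `git commit -a` in the private repo will also commit any other tracked files that happen to be modified; consider committing only the file that `./regen-crl` rewrites.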