Describe manual actions for certificate update

Issue-ID: OOM-2752
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: I4898e2b36aed2954be54f9a85f77287894a0483f

2 files changed, 16 insertions, 2 deletions

diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index ecd0ea6c..094d10bf 100644
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -61,7 +61,8 @@ New features
 
 **Known Issues**
 
-None
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
 
 Deliverables
 ------------
diff --git a/docs/sections/troubleshooting.rst b/docs/sections/troubleshooting.rst
index 192a9d6a..87989cb7 100644
--- a/docs/sections/troubleshooting.rst
+++ b/docs/sections/troubleshooting.rst
@@ -1,9 +1,22 @@
 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2020 NOKIA
+.. Copyright 2020-2021 NOKIA
+.. _troubleshooting:
 
 Troubleshooting
 ================
 
+Update an outdated certificate after Cert-Manager was down
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+When a certificate expires because Cert-Manager was not able to trigger the update on time, for some CMPv2 servers, e.g.
+EJBCA, there are manual actions required to perform the update.
 
+Given the expired certificate status is *READY=False*:
+
+    1. Edit the cert resource. It can be e.g. a small change in SANs.
+    2. Use the cert-manager plugin *renew* command to trigger the update manually.
+    3. Edit the cert again to revert the changes.
+    4. Trigger the update manually.
+
+The certificate should now be alive and updated correctly.