From cfb2e9dc58ba3603347d0dbe80e797f7fcca6461 Mon Sep 17 00:00:00 2001
From: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Date: Tue, 27 Nov 2018 10:23:23 -0800
Subject: [PATCH] serving/ssl: add 90d warning about letsencrypt (#393)

* serving/ssl: add 90d warning about letsencrypt

I don't think certbot method listed here is renewing LE certs. It's especially
important as LE certs expire every 90 days, so I'm adding a warning.

Also using the Let's Encrypt spelling.

Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>

* move warning up

* Update using-an-ssl-cert.md
---
 serving/using-an-ssl-cert.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/serving/using-an-ssl-cert.md b/serving/using-an-ssl-cert.md
index a46d525ff..a53df42e8 100644
--- a/serving/using-an-ssl-cert.md
+++ b/serving/using-an-ssl-cert.md
@@ -73,11 +73,16 @@ spec:
 Once the change has been made, you can now use the HTTPS protocol to access
 your deployed services.
 
+## Obtaining an SSL/TLS certificate using Let’s Encrypt through CertBot
 
-## Obtaining an SSL/TLS certificate using LetsEncrypt through CertBot
+If you don't have an existing SSL/TLS certificate, you can use [Let's
+Encrypt][le] to obtain a certificate manually.
 
-If you don't have an existing SSL/TLS certificate, you can use [LetsEncrypt](https://letsencrypt.org)
-to obtain a certificate manually.
+> **Warning:** Certificates issued by [Let's Encrypt][le] are only valid for
+> [90 days](https://letsencrypt.org/docs/faq/). You must renew your certificate
+> with the certbot tool again every 90 days.
+
+[le]: https://letsencrypt.org/
 
 1. Install the `certbot-auto` script from the [Certbot website](https://certbot.eff.org/docs/install.html#certbot-auto).
 1. Use the certbot to request a certificate, using DNS validation. The certbot tool will walk