serving/ssl: add 90d warning about letsencrypt (#393)

* serving/ssl: add 90d warning about letsencrypt

I don't think certbot method listed here is renewing LE certs. It's especially
important as LE certs expire every 90 days, so I'm adding a warning.

Also using the Let's Encrypt spelling.

Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>

* move warning up

* Update using-an-ssl-cert.md

serving/using-an-ssl-cert.md

@@ -73,11 +73,16 @@ spec:
 Once the change has been made, you can now use the HTTPS protocol to access
 your deployed services.
 
+## Obtaining an SSL/TLS certificate using Let’s Encrypt through CertBot
 
-## Obtaining an SSL/TLS certificate using LetsEncrypt through CertBot
+If you don't have an existing SSL/TLS certificate, you can use [Let's
+Encrypt][le] to obtain a certificate manually.
 
-If you don't have an existing SSL/TLS certificate, you can use [LetsEncrypt](https://letsencrypt.org)
+> **Warning:** Certificates issued by [Let's Encrypt][le] are only valid for
-to obtain a certificate manually.
+> [90 days](https://letsencrypt.org/docs/faq/). You must renew your certificate
+> with the certbot tool again every 90 days.
+
+[le]: https://letsencrypt.org/
 
 1. Install the `certbot-auto` script from the [Certbot website](https://certbot.eff.org/docs/install.html#certbot-auto).
 1. Use the certbot to request a certificate, using DNS validation. The certbot tool will walk