From 656bd1420d47d160996205de73b7880bc6573840 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 11 Sep 2023 11:30:19 +0000 Subject: [PATCH] Finalise merge docs from latest into develop --- docs/source/deployment/deploy_sre.md | 35 ++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/source/deployment/deploy_sre.md b/docs/source/deployment/deploy_sre.md index e5c5353b42..fe95d4b391 100644 --- a/docs/source/deployment/deploy_sre.md +++ b/docs/source/deployment/deploy_sre.md @@ -105,6 +105,41 @@ PS> ./Setup_SRE_Guacamole_Servers.ps1 -shmId -sreId +
+Update SSL certificate + +![Powershell: five minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=five%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` + +```powershell +PS> ./Update_SRE_SSL_Certificate.ps1 -shmId -sreId +``` + +- where `` is the {ref}`management environment ID ` for this SHM +- where `` is the {ref}`secure research environment ID ` for this SRE +- where `` is an email address that you want to be notified when certificates are close to expiry + +```{tip} +`./Update_SRE_RDS_SSL_Certificate.ps1` should be run again whenever you want to update the certificate for this SRE. +``` + +```{caution} +`Let's Encrypt` will only issue **5 certificates per week** for a particular host (e.g. `rdg-sre-sandbox.project.turingsafehaven.ac.uk`). +To reduce the number of calls to `Let's Encrypt`, the signed certificates are stored in the Key Vault for easy redeployment. +For production environments this should usually not be an issue. +``` + +````{important} +If you find yourself frequently redeploying a test environment and hit the `Let's Encrypt` certificate limit, you can can use: + +```powershell +> ./Update_SRE_RDS_SSL_Certificate.ps1 -dryRun $true +``` + +to use the `Let's Encrypt` staging server, which will issue certificates more frequently. +These certificates will **not** be trusted by your browser, and so should not be used in production. +```` +
+
Deploy web applications (CodiMD and GitLab)
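Review bot: The script name is inconsistent within the added "Update SSL certificate" section: the command block runs `./Update_SRE_SSL_Certificate.ps1`, while the tip and the dry-run example both refer to `./Update_SRE_RDS_SSL_Certificate.ps1`. Use the name of the script that actually exists in `./deployment/secure_research_environment/setup` in all three places, so that a copied command matches the file on disk. The third bullet describes an email address to be notified when certificates are close to expiry, but the command as shown passes only `-shmId` and `-sreId`; either add the corresponding parameter to the command line or drop the bullet. The dry-run example passes only `-dryRun $true` and omits `-shmId` and `-sreId`, so it would help to show the full invocation there as well. Minor: "you can can use" has a duplicated word.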