add instructions for potential future addition of irc self-signed sasl keys

ssl-update.py

@@ -7,6 +7,14 @@ assumptions:
     * firewall has `ssl-update.sh` copied to /usr/local/bin and chmod +x
 """
 
+# TODO: cover this as well:
+# irc sasl cert will expire in 7 years
+# regenerate cert:
+#   openssl req -x509 -new -newkey ed25519 -sha256 -days 1096 -nodes -out user.pem -keyout user.pem
+# get fingerprint:
+#   openssl x509 -in user.pem -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
+# /msg nickserv cert add $fingerprint
+
 import datetime
 import logging
 import getpass