diff --git a/ssl-update.py b/ssl-update.py
index 2083636..f865730 100755
--- a/ssl-update.py
+++ b/ssl-update.py
@@ -8,12 +8,15 @@ assumptions:
 """
 
 # TODO: cover this as well:
-# irc sasl cert will expire in 7 years
+# irc sasl cert will expire in 50 years
 # regenerate cert:
-#   openssl req -x509 -new -newkey ed25519 -sha256 -days 1096 -nodes -out user.pem -keyout user.pem
-# get fingerprint:
+#   openssl req -x509 -new -newkey ed25519 -sha256 -days 18265 -nodes -out user.pem -keyout user.pem
+# get fingerprint (librechat at this time OK with sha512 fingerprint)
 #   openssl x509 -in user.pem -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
+# get fingerprint (OFTC at this time _wont_ take sha512, only sha1)
+#   openssl x509 -in user.pem -noout -fingerprint -sha1 | awk -F= '{gsub(":",""); print tolower ($2)}'
 # /msg nickserv cert add $fingerprint
+# can't certfp auth external on hackint. tried ed25519/rsa 4096/rsa 2048 with both sha512 and sha1 fingerprints, no luck..
 
 import datetime
 import logging