Add documentation about certificate renewal

docs/system-configuration.rst

@@ -134,6 +134,24 @@ Postfix
 Certificate renewal
 -------------------
 
+After adding a new domain the role has to be run once with ``root``
+privileges. Among other things this will create a separate user account
+``certbot`` which can be used to schedule unattended certificate renewals.
+
+.. note:: See :ref:`acme_tiny_ref_example_inventory` for an example how to
+          create a role configuration.
+
+Here an example of a :program:`cron` job which whould renew the certificate
+every month:
+
+:file:`/etc/cron.d/acme-tiny`
+
+.. code-block:: console
+
+    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+    @monthly certbot /usr/bin/ansible-playbook -e @/etc/ansible/vars/mydomain.com.yml /etc/ansible/playbooks/acme_tiny.yml >/dev/null
+
 ..
  Local Variables:
  mode: rst