[FAB-16229] Clarify documentation for FAB-15700

This change set adds some more clarifications to the fact that
in order to recover from expired TLS certificates
one needs the orderer node to have a separate listener than
its client/peer servicing one.

Change-Id: Ia91d46ae0d51e8e4d5b21d3b489ee8e724c2e6d9
Signed-off-by: yacovm <yacovm@il.ibm.com>

Author: yacovm

docs/source/raft_configuration.md

@@ -122,8 +122,15 @@ used to further fine tune the cluster communication or replication mechanisms:
    To recover from such a scenario, it is possible to make TLS handshakes
    between ordering nodes consider the time to be shifted backwards a given
    amount that is configured to `TLSHandshakeTimeShift`.
-   It only effects ordering nodes that use a separate gRPC server for their
-   intra-cluster communication (via `general.cluster.ListenPort` and `general.cluster.ListenAddress`).
+   In order to be as uninvasive as possible, this configuration option
+   only effects ordering nodes that use a separate gRPC server for their
+   intra-cluster communication.
+   If your cluster is communicating via the same gRPC server that is used
+   to service clients and peers, you need to first reconfigure your orderer
+   by additionally setting `general.cluster.ListenPort`, `general.cluster.ListenAddress`,
+   `ServerCertificate` and `ServerPrivateKey`, and then restarting the orderer
+   in order for the new configuration to take effect.
+
 
 
 **Consensus parameters:**