From 5a44ec98dfb66c7657d482a87c45f589a2433658 Mon Sep 17 00:00:00 2001
From: Itay Grudev <itay+github.com@grudev.com>
Date: Wed, 1 Mar 2023 00:24:23 +0200
Subject: [PATCH] Added documentation for the cert-manager.io/duration possible
 values.

---
 README.org | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/README.org b/README.org
index 37eec92..3fc7e2b 100644
--- a/README.org
+++ b/README.org
@@ -109,7 +109,17 @@ spec:
     name: prod-issuer
 #+END_SRC
 
-Note that the Origin CA API has stricter limitations than the Certificate object. For example, DNS SANs must be used, IP addresses are not allowed, and further restrictions on wildcards. See the Origin CA documentation for further details.
+*Note* that the Origin CA API has stricter limitations than the Certificate object. For example, DNS SANs must be used, IP addresses are not allowed, and further restrictions on wildcards. Furthermore it only allows issuance of certificates with the following duration:
+
++ =168h= - /7 days/
++ =720h= - /30 days/
++ =2160h= - /90 days/
++ =8760h= - /1 year/
++ =17520h= - /2 years/
++ =26280h= - /3 years/
++ =131400h= - /15 years/
+
+See the [[https://developers.cloudflare.com/api/operations/origin-ca-create-certificate][Origin CA documentation]] for further details.
 
 ** Ingress Certificate
 You can use cert-manager's support for [[https://cert-manager.io/docs/usage/ingress/][Securing Ingress Resources]] along with the Origin CA Issuer to automatically create and renew certificates for Ingress resources, without needing to create a Certificate resource manually.