From 8d37a981d1f25f9b47336f6d65c24e30fdf77384 Mon Sep 17 00:00:00 2001
From: alexaladov-codefresh
 <44968728+alexaladov-codefresh@users.noreply.github.com>
Date: Fri, 13 Mar 2026 11:17:09 +0100
Subject: [PATCH] Update README.md

Added Windows runtimes cert renewal procedure
---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README.md b/README.md
index df3b3d0d4f..456cdb8c37 100644
--- a/README.md
+++ b/README.md
@@ -2684,6 +2684,22 @@ Delete `codefresh-certs-server` k8s secret and run [./configure-dind-certs.sh](h
 kubectl -n $NAMESPACE delete secret codefresh-certs-server
 ./configure-dind-certs.sh -n $RUNTIME_NAMESPACE https://$CODEFRESH_HOST $CODEFRESH_API_TOKEN
 ```
+**Case C: Windows runtimes**
+
+For Windows runtimes, you must perform the following steps:
+
+1. Obtain a node registration token (you can generate it in any account with the privateNodes feature enabled).  
+2. Prepare the following parameters (the same for all Windows nodes):  
+   * The node registration token  
+   * The correct Docker root path (may vary)  
+   * The platform API address  
+3. On each Windows node, one by one:  
+   * Run the following PowerShell script:  
+     [docker-vm/hybrid/gen-docker-certs.ps1 at master · codefresh-io/docker-vm](https://github.com/codefresh-io/docker-vm/blob/master/hybrid/gen-docker-certs.ps1)  
+   * Provide the IP address of the specific node when running the script.  
+4. After the script completes, restart the Docker service on the node to ensure the new certificates are applied.
+
+Repeat these steps for every Windows node in the runtime.  
 
 ### Consul Error: Refusing to rejoin cluster because the server has been offline for more than the configured server_rejoin_age_max