Red Hat Advanced Cluster Management / ACM-17893

[Doc] Add details for BYO rbac proxy certificates


    • Quality / Stability / Reliability

      Note: Doc team updates the current version of the documentation and the
      two previous versions (n-2), but we address *only high-priority, or
      customer-reported issues* for -2 releases in support.
      Describe the changes in the doc and link to your dev story:

      1. - [x] Mandatory: Add the required version to the Fix version/s field.
      All supported ACM versions including ACM 2.13.0

      2. - [x] Mandatory: Choose the type of documentation change or review.

      3. - [ ] *Mandatory:* Use the following link to open the doc and find where the
      documentation update should go. Note: As the feature and doc are
      understood and developed, this placement decision may change:

      Same as links in section 2

      4. - [ ] Mandatory for GA content:

      • [ ] Add steps, the diff, known issue, and/or other important
        conceptual information in the following space:
      • [ ] Add *Required access level* (example, *Cluster
        Administrator*) for the user to complete the task:
      • [ ] Add verification at the end of the task, how does the user
        verify success (a command to run or a result to see?)
      • [ ] Add link to dev story here:

      5. - [x] Mandatory for bugs: What is the diff? Clearly define what the
      problem is, what the change is, and link to the current documentation. Only
      use this for a documentation bug.

      Work item https://issues.redhat.com/browse/ACM-17885 has update #3, which says to create the following new topic.

      Start:

      Create a new topic "Replacing certificates for rbac-query-proxy route" (parallel to "Replacing certificates for alertmanager route" topic)

      You can also replace certificates for the rbac-query-proxy route. See "OpenSSL commands to generate CA certificate" to create certificates. When creating a Certificate Signing Request (CSR) using the csr.cnf file, ensure that you update the DNS.1 field under the subjectAltName section to match the hostname of the rbac-query-proxy route.

      This hostname can be retrieved using the following command:

      oc get route rbac-query-proxy -n open-cluster-management-observability -o jsonpath="{.spec.host}"

      Run the following command to create proxy-byo-ca and proxy-byo-cert secrets using the generated certificates:

      oc -n open-cluster-management-observability create secret tls proxy-byo-ca --cert ./ca.crt --key ./ca.key

      oc -n open-cluster-management-observability create secret tls proxy-byo-cert --cert ./ingress.crt --key ./ingress.key

      End:

      The content above should be moved to the BYO section of the certificate documentation, cert_byo.adoc.

      Additional fixes to the BYO content are still needed to make sure the procedure is correct. In the end there should be 3 BYO certificate flows.

      1. The existing Observability content. smeduri1@redhat.com, is this the observatorium cert?
      2. The alert manager certificate BYO procedure which should be moved from the replacing certs chapter.
      3. The new topic detailed in the information above (and in https://issues.redhat.com/browse/ACM-17885)


              rh-ee-ofischer Oliver Fischer
              smeduri1@redhat.com Subbarao Meduri
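
Added example (not part of the issue or of the product documentation): a pre-flight check for the rbac-query-proxy procedure described above. It writes a csr.cnf with DNS.1 set to the route hostname and, before the secrets are created, confirms that ingress.crt covers that hostname, chains to ca.crt and matches ingress.key. The csr.cnf layout, the fixed CN and the function names write_csr_cnf and preflight are assumptions.

```shell
# Added example: pre-flight checks before creating proxy-byo-ca and
# proxy-byo-cert. The csr.cnf layout is a constructed minimal OpenSSL request
# config (an assumption), not the file from the product documentation.

# Write a csr.cnf whose DNS.1 entry is the rbac-query-proxy route hostname.
write_csr_cnf() {
  host=$1; out=$2
  # Accept only a plain DNS name, so an empty or multi-line jsonpath result
  # cannot become a blank SAN or an extra line in the config.
  case $host in
    ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: '$host'" >&2; return 1 ;;
  esac
  # CN is a fixed short name (assumption): the route hostname can exceed the
  # 64-character CN limit, and hostname checks use the SAN anyway.
  cat > "$out" <<EOF
[ req ]
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = SAN
[ dn ]
CN = rbac-query-proxy
[ SAN ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $host
EOF
}

# Return 0 only if the cert covers the host, chains to the CA, and matches the key.
preflight() {
  host=$1; ca=$2; crt=$3; key=$4
  openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' \
    || { echo "SAN in $crt does not cover $host" >&2; return 1; }
  openssl verify -CAfile "$ca" "$crt" >/dev/null \
    || { echo "$crt does not chain to $ca" >&2; return 1; }
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || { echo "$key is not the private key for $crt" >&2; return 1; }
}

# Usage, with the route hostname retrieved as in the text above:
#   write_csr_cnf "$host" csr.cnf      # then create and sign ingress.crt
#   preflight "$host" ca.crt ingress.crt ingress.key   # then create the secrets
```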