Add docs for using DNS01

Sem-Ver: docs
Change-Id: I491161f0aa0b2ea4560487da06a5364f14e40465
diff --git a/docs/certificates.md b/docs/certificates.md
index fd32d47..7772774 100644
--- a/docs/certificates.md
+++ b/docs/certificates.md
@@ -1,5 +1,52 @@
 # Certificates
 
+## Using LetsEncrypt DNS challenges
+
+### RFC2136
+
+If you have DNS server that supports RFC2136, you can use it to solve the DNS
+challenges, you'll need to have the following information:
+
+- Email address
+- Nameserver IP address
+- TSIG Algorithm
+- TSIG Key Name
+- TSIG Key Secret
+
+You'll need to update your Ansible inventory to be the following:
+
+```yaml
+cert_manager_issuer:
+  acme:
+    email: <EMAIL>
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        rfc2136:
+          nameserver: <NS>:<PORT>
+          tsigAlgorithm: <ALGORITHM>
+          tsigKeyName: <NAME>
+          tsigSecretSecretRef:
+            key: tsig-secret-key
+            name: tsig-secret
+```
+
+After you're done, you'll need to add a new secret to the Kubernetes cluster,
+you will need to do it by using the following YAML file:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tsig-secret
+  namespace: openstack
+type: Opaque
+stringData:
+  tsig-secret-key: <KEY>
+```
+
 ## Using self-signed certificates
 
 If you are in an environment which does not have a trusted certificate authority
@@ -10,4 +57,4 @@
 cert_manager_issuer:
   ca:
     secretName: root-secret
-```
\ No newline at end of file
+```
diff --git a/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml b/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml
new file mode 100644
index 0000000..75d8d54
--- /dev/null
+++ b/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Added documentation to using DNS01 challenges for certificates.