N1C CSG unmanaged certificates

[sylwang]

Proposed changes

Checklist

Before sharing this pull request, I completed the following checklist:

• I read the Contributing guidelines
• My branch adheres to the Git conventions
• My content changes adhere to the F5 NGINX Documentation style guide
• If my changes involve potentially sensitive information¹, I have assessed the possible impact
• I have waited to ensure my changes pass tests, and addressed any discovered issues

Footnotes

1. Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩

[github-actions]

✅ Deploy Preview will be available once build job completes!

Name	Link
😎 Deploy Preview	https://frontdoor-test-docs.nginx.com/previews/docs/1597/

---

[mjang]

@sylwang overall, this is excellent. I plan to comment on a few details.

But first, a "big picture" question. I know that you can have unmanaged certs with an instance. I'm tempted to recommend moving unmanaged-certificates.md to the content/nginx-one-console/nginx-configs/certificates directory

[mjang]

Hi @sylwang , you're an excellent writer. My suggested changes mostly relate to F5 styles.

[mjang]

Markdown format rule (look up MD022)

Suggested change

	### Unmanaged certificates in Config Sync Groups
	### Unmanaged certificates in Config Sync Groups

[mjang]

Moving phrase to the start of the next paragraph.

Suggested change

	Config Sync Groups (CSGs) in NGINX One Console ensure configuration consistency across connected NGINX instances. While managed certificates uploaded through the Console are automatically synchronized and tracked, unmanaged certificates follow a different model that provides visibility without automated management.
	Config Sync Groups (CSGs) in NGINX One Console ensure configuration consistency across connected NGINX instances. While managed certificates uploaded through the Console are automatically synchronized and tracked, unmanaged certificates follow a different model.

[mjang]

Suggestion (not a requirement): add an intro to the subsections that follow:

Suggested change

	If you have unmanaged certificates with CSGs, consider the following factors:

[mjang]

Suggested change

	To use unmanaged certificates effectively in Config Sync Groups, you must:
	To use unmanaged certificates effectively in Config Sync Groups, you must address these issues:

[mjang]

Suggested change

	NGINX One Console still helps you track unmanaged certificates:

[mjang]

Just checking. Is it CSG or certificate publication that can fail?

[mjang]

If it is CSG publication that can fail, I'd change current line 44 (comment added there)

[mjang]

For consistency:

Suggested change

	- **Manual updates**: You must manually update certificates on each instance when they expire or need rotation
	- **Manual updates**: Certificates must be manually updated on each instance

[mjang]

We avoid gerunds (-ing words) in section titles. Exception: troubleshooting

Suggested change

	## Working with unmanaged certificates
	## Work with unmanaged certificates

[mjang]

If it's actually CSG publication that may fail, I suggest revising this to:

Suggested change

	If certificate file paths differ between instances:
	If certificates are identical, but their file paths differ by instance:

[mjang]

I see you've numbered these options. In general, I number steps when users have to do them, in order.

If ordering is not required, I'd replace the numbers with bullets

[mjang]

FYI, I'll be working Dec 22, 23, 29, 30, 31. I might be the only writer available during these days -- and I have no problem merging on my own, once we've addressed these suggestions.