Documentation updates (No functional changes)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

ChangeLog

@@ -1,22 +1,21 @@
 Easy-RSA 3 ChangeLog
 
 3.1.1 (TBD)
-   * Resolve long-standing issue with --subca-len=N (#691)
+   * Remove command 'renewable' (#715)
    * Expand 'show-renew', include 'renewed/certs_by_serial' (#700)
-   * Introduce 'renew' (version 3). Only renew cert (#688)
+   * Resolve long-standing issue with --subca-len=N (#691)
+   *  ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md (#690)
    * Require 'openssl-easyrsa.cnf' is up to date (#695}
+   * Introduce 'renew' (version 3). Only renew cert (#688)
    * Always ensure X509-types files exist (#581 #696)
-   * Remove renew-req (#684)
-   * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
+   * Expand alias '--days' to all suitable options with a period (#674)
    * Introduce --keep-tmp, keep temp files for debugging (#667)
-   * Introduce Quiet mode option -q|--quiet, disable information output
-       8b7e79096b18afc5c61bfbaee204c1f7401f0019
-   * Introduce renew-req, create a new CSR for an existing key (#616)
-     Superseded by #684
+   * Introduce Option -q|--quiet, disable information output (#703)
    * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
    * Support ampersand and dollar-sign in vars file (#590)
    * Introduce 'rewind-renew' (#579)
    * Expand status reports to include checking a single cert (#577)
+   * Introduce 'revoke-renewed' (#547)
    * update OpenSSL for Windows to 3.0.5
 
 3.1.0 (2022-05-18)
@@ -27,7 +26,6 @@ Easy-RSA 3 ChangeLog
    * Allow certificates to be created with fixed date offset (#550)
    * Add 'verify' to verify certificate against CA (#549)
    * Add PKCS#12 alias 'friendlyName' (#544)
-   * Disallow use of '--vars=FILE init-pki' (#566)
    * Support multiple IP-Addresses in SAN (#564)
    * Add option '--renew-days=NN', custom renew grace period (#557)
    * Add 'nopass' option to the 'export-pkcs' functions (#411)

doc/EasyRSA-Contributing.md

@@ -53,6 +53,8 @@ Contributing Guide
     git commit -sS
     ```
 
+    Please write a detailed commit message.
+
     github `help` has details of creating a private key.
 
     Using github `no-reply` email address is suitable for the `Signed-off-by:`

doc/EasyRSA-Renew-and-Revoke.md

@@ -120,3 +120,11 @@ The follow is an exhaustive list of available `reason` codes:
 - `certificateHold`
 
   `reason` must be one of these codes, otherwise not be used.
+
+
+About command `rebuild`
+-----------------------
+
+If `rebuild` is used then the output directory of old certificate, key and
+request is also the `renewed` directory.  Use **`revoke-renewed`** to revoke
+an old certificate/key pair, which has been _rebuilt_ by command `rebuild`.

easyrsa3/easyrsa

@@ -1141,7 +1141,9 @@ install_data_to_pki () {
 # Currently, *if* 'vars' is copied to the PKI then the PKI 'vars' will take
 # priority over './vars'. But it will not be updated if './vars' is changed.
 #
-# Copying 'vars' to the PKI is complicated, code is included but DISABLED.
+# For that reason a vars file in the PKI is only created during init-pki.
+# For old PKIs where vars is elsewhere a warning is issued that the PKI
+# folder is the preferred location of vars.
 
 	# debug log on
 	if [ "$EASYRSA_DEBUG" ]; then print ">> DEBUG-ON <<"; set -x; fi