updates

README.md

@@ -29,7 +29,31 @@ the IP.
 
 Usually, the IP address is not static, hence this script comes handy.
 
-## Example usage
+## Script logic
+
+- generate CA certificate if does not find any
+- always generate server certificate on startup to ensure all IP addresses
+  are in x509 SAN
+- warn if the CA certificate is about to expire (<30 days till expiration)
+- regenerate the CA certificate if it finds it has expired
+
+## Notes
+
+- The CA certificate will be valid for 3650 days (10 years)
+- The server certifcate will be valid for 365 days (1 year)
+- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures
+
+## Testing
+
+I have added a simplistic script [testme.sh](testme.sh) that helps to test this
+script in the following  Linux distributions:
+
+- Alpine 3.7
+- Ubuntu Bionic
+- Debian Stretch
+- CentOS 7
+
+## Usage example
 
 ### Minio server with Traefik example
 
@@ -55,26 +79,3 @@ Usually, the IP address is not static, hence this script comes handy.
 > ``/usr/local/share/ca-certificates/``, otherwise one of these
 > https://golang.org/src/crypto/x509/root_linux.go
 
-## Script logic
-
-- generate CA certificate if does not find any
-- always generate server certificate on startup to ensure all IP addresses
-  are in x509 SAN
-- warn if the CA certificate is about to expire (<30 days till expiration)
-- regenerate the CA certificate if it finds it has expired
-
-## Notes
-
-- The CA certificate will be valid for 3650 days (10 years)
-- The server certifcate will be valid for 365 days (1 year)
-- The x509 certs are ECDSA with prime256v1 curve and SHA256 signatures
-
-## Testing
-
-I have added a simplistic script [testme.sh](testme.sh) that helps to test this
-script in the following  Linux distributions:
-
-- Alpine 3.7
-- Ubuntu Bionic
-- Debian Stretch
-- CentOS 7