doc: increase recommended wait time for new certificates to 5 days

Author: timmywil

doc/cdn-cert.md

@@ -42,7 +42,7 @@ Renewal in 2023: https://github.com/jquery/infrastructure-puppet/issues/21
 2. Enable for a **secondary service** at Fastly, such as "miscweb" (https://podcast.jquery.com) or "code2".
 3. **Verify**. In a browser of your choice, verify that when viewing a page on the secondary domain, that the browser is in fact using our new certificate. Check the expiry date to confirm this.
 4. **Test cross-browser**. Once you've confirmed that the new cert is deployed and used, it's time to test it across a wide range of browsers. Especially old browsers that don't support certain kinds of TLS versions or cipher suites. You can use BrowserStack to go through old Windows/IE versions and old iPhone devices until you encounter a failure. Then confirm that there are no old browsers that fail on the new certificate, unless that same browser also already fails to open https://releases.jquery.com. Confirm that the old/new domain are both browseable over plain HTTP without issue/redirect.
-5. **Wait 48 hours** before deploying the new cert to our primary services. This is to account for clockskew on real devices. Certificates will be considered invalid by browsers if their local system clock says the new certificate's begin date ("Not before") has not yet started. Learn more about why at https://phabricator.wikimedia.org/T196248.
+5. **Wait 5 days** before deploying the new cert to our primary services. This is to account for clockskew on real devices. Certificates will be considered invalid by browsers if their local system clock says the new certificate's begin date ("Not before") has not yet started. Learn more about why at https://phabricator.wikimedia.org/T196248.
 6. Enable the new cert for all services.
 7. **Delete your unencrypted** star.jquery.com.key file from your workstation.