diff --git a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst index 656159829..b7c413a4d 100644 --- a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst +++ b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst @@ -12,6 +12,12 @@ subcloud of a |DC|. For factory pre-installation, standalone systems must be able to be installed locally in the factory, and later deployed and configured on-site as a |DC| subcloud without re-installing the system. +A factory pre-installed system can remain staged up to 1 year before +enrollment. This is a limitation related to certificate recovery, where +recovery is possible but it requires manual steps. It is recommended to avoid a +staging period longer than 1 year. However, future versions will support a longer +staging period. + .. rubric:: |prereq| The following requirements must be met for factory installation of a system: 
@@ -119,16 +125,21 @@ requirements must be met: - The subcloud platform networks should be configured with the expected IP family (IPv4 or IPv6) because the IP family of a subcloud cannot be updated. -- SSL_CA certs (system_local_ca_cert, system_local_ca_key, and - system_root_ca_cert) need to be installed on the factory installed subclouds - in ``localhost.yaml`` to enable the |SSL| communication via |OAM| connection during - enrollment. The system controller performing the subcloud enrollment needs to - have a trusted |CA| that can validate the server certificates used for the - factory installed systems. For more details, see :ref:`add-a-trusted-ca`. +- System local |CA| (system_local_ca_cert, system_local_ca_key, and + system_root_ca_cert) needs to be installed on the factory installed subclouds + in ``localhost.yaml`` to enable the |SSL| communication via |OAM| connection + during enrollment. The System Controller performing the subcloud enrollment + needs to have a trusted |CA| that can validate the server certificates used + for the factory installed systems. For more details, see + :ref:`ansible_bootstrap_configs_platform_issuer`. Ensure that the |CA| + certificate used is long lasting and will still be valid at the time of + enrollment. -- Kubernetes RootCA certs need to be specified during the factory installation - process in ``localhost.yaml``, otherwise, the kube-rootca endpoint will be - out of sync and a kube-rootca-strategy is needed to make it in sync. +- Kubernetes Root |CA| certs need to be specified during the factory + installation process in ``localhost.yaml``, otherwise, the kube-rootca endpoint + will be out of sync and a kube-rootca-strategy is needed to make it in sync. + Ensure that the |CA| certificate used is long lasting and will still be + valid at the time of enrollment. - Additional applications should not be installed on the factory installed system before completing the enrollment process. 
@@ -324,16 +335,16 @@ Example: # The password for factory install stage, need to be aligned with user-data # The admin password will not be updated during the enrollment. However, it - # will be synchronized with the system controller after managing the subcloud. + # will be synchronized with the System Controller after managing the subcloud. admin_password: # password for factory install stage, need to be align with the admin_password ansible_become_pass: - # optional, need to install the same cert with the system controller, otherwise + # optional, need to install the same cert with the System Controller, otherwise # the k8s-rootca endpoint will be out-of-sync after enrollment, but can use # k8s-rootca-update ochestration to sync it k8s_root_ca_cert: k8s_root_ca_key: - # system SSL CA certs are required, and need to align with the system controllers + # system SSL CA certs are required, and need to align with the System Controllers system_root_ca_cert: system_local_ca_cert: system_local_ca_key @@ -635,8 +646,8 @@ should be similar to the original deployment. not specified during factory installation. - As a subcloud, static routes from the hosts' admin/management gateway to the - system controller’s management subnet should be added to establish the - communication between the system controllers and the subcloud hosts. + System Controller’s management subnet should be added to establish the + communication between the System Controllers and the subcloud hosts. - Hosts should be administratively unlocked in this configuration. 
@@ -655,8 +666,11 @@ Perform Subcloud Enrollment - The software ISO and signature files need to be uploaded on the System Controller before the subcloud enrollment. -- Power on the factory-installed server and wait for controller-0 to be - enabled and alarm-free. +- Power on the factory-installed server and wait for controller-0 to be enabled + and controller-0 to be free from the 250.XXX and 260.XXX alarms. + +- Wait for cert-manager to renew certificates marked as `Automatic [Managed by + Cert-Manager]`. Verify with `sudo show-certs.sh` before continuing. Perform subcloud enrollment using the following command:
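Review bot: In the @@ -12 hunk, the new paragraph says certificate recovery after the one-year staging window "requires manual steps" but does not say where those steps are documented; add a cross-reference (or a short description of which certificates expire and what must be done) so an operator who finds a system staged longer than a year has something to act on. The closing sentence "future versions will support a longer staging period" is a roadmap statement that will go stale in released documentation; consider dropping it or moving it to a release note.

Review bot: In the @@ -119 hunk, "Ensure that the |CA| certificate used is long lasting" is not a checkable requirement; state it concretely, e.g. "valid beyond the planned enrollment date (see the one-year staging limit above)", and since the identical sentence was added to both the system local |CA| and the Kubernetes Root |CA| bullets, it could be stated once for both. The new bullet also groups `system_local_ca_key`, a private key, under "System local |CA| ... needs to be installed", which reads as if the key were a certificate; consider "certificate and key" wording. Please confirm that the new target `ansible_bootstrap_configs_platform_issuer` is an existing label, since the old `add-a-trusted-ca` reference was removed.

Review bot: In the @@ -324 hunk, only the capitalization of "System Controller" changes, but the surrounding context lines carry typos that are worth fixing in the same pass: "need to be align with the admin_password" and "k8s-rootca-update ochestration". The changed line "need to align with the System Controllers" also reads as a plural where a possessive ("System Controller's") appears to be intended.

Review bot: In the @@ -635 hunk, the edited line keeps a typographic apostrophe in "System Controller’s"; the rest of the file uses straight ASCII quotes, so use "System Controller's" for consistency in the RST source.

Review bot: In the @@ -655 hunk, the new wait condition repeats the subject ("wait for controller-0 to be enabled and controller-0 to be free from ...") and narrows the old "alarm-free" requirement to the 250.XXX and 260.XXX alarm families without saying why those two families block enrollment or whether other alarms are tolerated; a one-line explanation would make the check meaningful. In the added cert-manager bullet, `Automatic [Managed by Cert-Manager]` and `sudo show-certs.sh` use single backticks, which RST renders as the default interpreted-text role rather than as literals; use double backticks as the rest of this file does, and state what the operator should look for in the `show-certs.sh` output (e.g. that the renewal dates of the managed certificates have moved forward) so the verification step is actionable.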