Add some vital details to guide for solving certificate sync issues

Author: mortenlj

docs/persistence/postgres/how-to/certification-sync-issues.md

@@ -1,5 +1,5 @@
 ---
-title: Delete database client certificate
+title: Certification sync issues
 tags: [postgres, certificate, how-to]
 ---
 
@@ -10,7 +10,16 @@ Your deploy may fail with an error message such as the one below:
 MountVolume.SetUp failed for volume "sqeletor-sql-ssl-cert" : secret "sqeletor-<podname>" not found
 ```
 
-To delete the database client credentials for your application, in Google Cloud Console navigate to [Cloud SQL instances](https://console.cloud.google.com/sql/instances) -> <your_instance> -> Connections -> Security, and then scroll down to _Manage client certificates_ and delete your certificate there.
+This message can show up for a number of reasons (see our [troubleshooting guide](../../../workloads/how-to/troubleshooting.md)), so be sure to confirm that the certificate is the issue before proceeding.
+
+```bash
+$ kubectl describe sqlsslcert -lapp=<your_app>
+```
+
+Under `Events` you should see an error detailing the reason for the failure.
+If the error mentions an already existing certificate, you can delete it.
+
+To delete the database client certificate for your application, in Google Cloud Console navigate to [Cloud SQL instances](https://console.cloud.google.com/sql/instances) -> <your_instance> -> Connections -> Security, and then scroll down to _Manage client certificates_ and delete your certificate there.
 
 This can also be done using the `gcloud`-cli.
 
@@ -19,4 +28,4 @@ $ gcloud sql ssl client-certs delete COMMON_NAME --instance=INSTANCE
 ```
 
 _COMMON_NAME_ is usually equal to _INSTANCE_, which is usually equal to application name.
-Run `kubectl describe sqlsslcert <certificate>` to find _COMMON_NAME_ and _INSTANCE_ for one specific certificate.
+The output of the `kubectl describe sqlsslcert` command you did earlier will contain the relevant values for _COMMON_NAME_ and _INSTANCE_.