diff --git a/How-to-use-Azure-DNS.md b/How-to-use-Azure-DNS.md index 141921c..c3b43e9 100644 --- a/How-to-use-Azure-DNS.md +++ b/How-to-use-Azure-DNS.md @@ -214,3 +214,30 @@ export AZUREDNS_CLIENTSECRET="e.L8Q~4jGhWHheCKjdRzw3gyBBwOmrTyYF9NYbxs" # pass acme.sh --issue --dns dns_azure -d example.com -d www.example.com ``` + +#### Update service principal password + +The service principal credentials may eventually expire. + +Some acme.sh renewal errors that are signs of the credentials expiring: + +- `no acccess token received. Check your Azure settings` +- `access denied make sure your Azure settings are correct` + +``` +az ad sp list --filter "displayname eq 'AcmeDnsValidator'" | grep '^ \"id\":' +``` + +(The `grep` above is assuming a json array of nested lists is returned with a tab size of two spaces and is finding the top-level `id`) + +```json + "id": "daaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", +``` + +``` +az ad sp credential reset --id daaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa +``` + +Update `~/.acme.sh/account.conf` with the new credentials. + +(See [az ad sp credential](https://learn.microsoft.com/en-us/cli/azure/ad/sp/credential?view=azure-cli-latest#az-ad-sp-credential-reset) for details) \ No newline at end of file
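Review bot: The `az ad sp list ... | grep '^ \"id\":'` step in the added "Update service principal password" section depends on the exact indentation of the CLI's JSON output, as the parenthetical below it admits. Asking the CLI for the field directly, for example `az ad sp list --filter "displayname eq 'AcmeDnsValidator'" --query "[].id" -o tsv`, would remove that assumption and make the sample JSON line unnecessary. The two command blocks also have no sentence saying what each one does (look up the service principal id, then reset its credential). The final step should name which entry in `~/.acme.sh/account.conf` has to change, presumably the one holding the `AZUREDNS_CLIENTSECRET` value exported in the context line above. Minor: the file still ends without a trailing newline.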