diff --git a/docs/30_Usage.md b/docs/30_Usage.md
index f10d389318dca08795655d4326baad94b61f993e..7d37cb28e93c2979d2433fe611e522ff387c8828 100644
--- a/docs/30_Usage.md
+++ b/docs/30_Usage.md
@@ -173,3 +173,16 @@ to get a list of existing certs an then use the hostname in the 1st column to sh
 In **log/certmanager.log** you find a logging about time of changes for a certificate: when it was added, renewed, deleted. A skipped renew execution (even if it was triggered internally by "ensure") won't be logged.
 
 Additionally there is a --trace option (must be the 1st param) - an execution output will be put to logfile that contains domain and timestamp.
+
+## List old certificates
+
+If you have many ssl certificates - during the time there are outdated domains and unneeded certificate files.
+The parameter `list-old` shows old certificates in 2 blocks:
+
+* Certificates with age 65 ... 90 days<br>Remark: the Certificates are valid for 90 days. The will be renewed 4 weeks before expiration. This list shows certificates that are still valid but should bew renewed soon.
+* Certificates older 90 days<br>Remark: expired certificates. Use `[APPPATH]/cm.sh delete <Domain>` to delete the files.
+
+Exitcodes:
+0 - all certs are up to date.
+1 - certificates to renew were found
+2 - outdatedt certificates were found