install.texi | 17 ++++-------------

diff --git a/install.texi b/install.texi
index 010d35edd324d83b76ff1e60e478b614c867e9fa33e02b5038ff72a8d3c623e5..784b12fb59840f2fc981ce827f491da3b9bf6b50e04be8b3482e2024c6b3943b 100644
--- a/install.texi
+++ b/install.texi
@@ -53,8 +53,8 @@ @example
 $ go install go.cypherpunks.ru/gogost/v5/cmd/streebog256@@latest
 @end example
 
-@code{go.cypherpunks.ru} uses @code{ca.cypherpunks.ru} X.509 CA
-authority, that may complicate installation:
+Aware that @code{go.cypherpunks.ru} uses
+@url{//www.ca.cypherpunks.ru, ca.cypherpunks.ru} X.509 certificate authority.
 
 @itemize
 
@@ -63,17 +63,8 @@ services won't be able to verify @code{go.cypherpunks.ru}'s TLS
 authenticity, because there are no common trust anchors. You can skip
 their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.
 
-@item You can (temporarily) override CA certificate bundle during installation:
-
-@example
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.@{asc,sig,minisig@}
-$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
-$ gpg --auto-key-locate  wkd --locate-keys stargrave at gnupg dot net
-$ gpg --verify cert.pem.asc
-$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
-    go.cypherpunks.ru/gogost/v5
-@end example
+@item You can (temporarily) override CA bundle during installation with
+@env{$SSL_CERT_FILE} environment variable.
 
 @item You can unpack tarball somewhere and use @code{replace} command in
 your local @file{go.mod}: