[08:22:16] <btullis>	 Quick question (and I hope that this is the right channel for it): Why are we getting so many SSL errors from CA App Synthetic Monitor at the moment? Has it increased, or should I just be filtering these away and not worrying about them?
[08:24:24] <moritzm>	 they're apparently unable to fix their monitoring stack to be compatible with the recent LE cert change
[08:24:55] <moritzm>	 https://phabricator.wikimedia.org/T292603
[08:32:36] <btullis>	 Ah, thanks. Perfect.
[13:05:35] <lmata>	 btullis: the checks are configured to "remind" every hour. However the flapping comes as their network doesn't seem to be evenly patched, some probes fail and some work as intended causing the "flapping" and excess reminders.
[13:09:39] <btullis>	 Yes, I see. Thanks. Bit rubbish of CA isn't it?
[13:10:13] <lmata>	 hah, yes its quite unfortunate
[13:17:01] <volans>	 technically their checks are running from different endpoints, when they use endpoints that resolve us to esams/eqsin they get a non-LE cert that has no issues, when they use endpoints that hit eqiad/codfw they hit the LE cert for which there is the issue of the expired CA cert
[13:18:20] <lmata>	 thanks for the added context. would  you mind if I copy this into the phabricator task :-) 
[13:22:45] <volans>	 ulsfo too uses LE fwiw