[15:11:21] <elukey>	 hey folks!
[15:11:44] <elukey>	 puppetserver1001 is currently broken, it seems that there was another occurrence of the issue "cleaning the wrong ssl cert"
[15:12:01] <fabfur>	 hooray!
[15:12:44] <elukey>	 same as https://phabricator.wikimedia.org/T405580, we now have backups, but I have a meeting
[15:12:52] <elukey>	 so I'll fix it soon-ish if nobody beats me to
[15:14:26] <elukey>	 in theory https://phabricator.wikimedia.org/T405580#11214327 is still workable
[15:16:01] <elukey>	 ok trying to fix it
[15:16:04] <elukey>	 seems the easiesrt
[15:18:42] <elukey>	 as reminder: /usr/bin/puppet ssl clean $hostname on puppetserver cleans up the puppetserver's cert, not the target $hostname
[15:20:17] <elukey>	 fixeddd
[16:06:50] <taavi>	 elukey: might be a good idea to set the immutable bit on those files there?
[16:13:05] <cdanis>	 💡
[17:37:48] <elukey>	 taavi: it is a good idea! I am always a little wary to create special use cases, but IIUC it is already not possible to simply renew the puppetserver1001's tls cert without a complex procedure :( Let's sync in January in this