On puppetmaster1001.wikimedia.org:
```
andrew@puppetmaster1001:/srv/private/modules/secret/secrets/puppetmaster$ tail /etc/puppet/puppet.conf
storeconfigs = true
storeconfigs_backend = puppetdb
stringify_facts = false
always_cache_features = true
trusted_node_data = true
# SSL
ssldir = /var/lib/puppet/server/ssl/
hostcert = /var/lib/puppet/server/ssl/certs/puppetmaster1001.eqiad.wmnet.pem
hostprivkey = /var/lib/puppet/server/ssl/private_keys/puppetmaster1001.eqiad.wmnet.pem
andrew@puppetmaster1001:/srv/private/modules/secret/secrets/puppetmaster$ sudo ls /var/lib/puppet/server/ssl/certs/puppetmaster1001.eqiad.wmnet.pem
ls: cannot access '/var/lib/puppet/server/ssl/certs/puppetmaster1001.eqiad.wmnet.pem': No such file or directory
andrew@puppetmaster1001:/srv/private/modules/secret/secrets/puppetmaster$ sudo ls /var/lib/puppet/server/ssl/private_keys/puppetmaster1001.eqiad.wmnet.pem
ls: cannot access '/var/lib/puppet/server/ssl/private_keys/puppetmaster1001.eqiad.wmnet.pem': No such file or directory
andrew@puppetmaster1001:/srv/private/modules/secret/secrets/puppetmaster$
```
Both $hostcert and $hostprivkey refer to files that don't actually exist. Clearly we're getting along fine without them, but this still seems kind of bad... I'm trying to troubleshoot an issue with a different puppetmaster (T181523) and have discovered that puppetmaster1001 is maybe not a great example to follow.