diff --git a/tsa/howto/puppet.mdwn b/tsa/howto/puppet.mdwn
index d5cdabfe93eb4b2b1837f086468776afff15f8e1..3c5f97238776b0eb552e50c88c0b4bd43de835d8 100644
--- a/tsa/howto/puppet.mdwn
+++ b/tsa/howto/puppet.mdwn
@@ -586,28 +586,25 @@ as well.
 
 ## Revoking and generating a new certificate for a host
 
-Revocation procedures problems were discussed in:
+Revocation procedures problems were discussed in [33587][] and [33446][].
 
-[#33587]: https://trac.torproject.org/projects/tor/ticket/33587
-[#33446]: https://trac.torproject.org/projects/tor/ticket/33446#comment:17
+[33587]: https://trac.torproject.org/projects/tor/ticket/33587
+[33446]: https://trac.torproject.org/projects/tor/ticket/33446#comment:17
 
-1. Clean the certificate on the master
+ 1. Clean the certificate on the master
 
-`puppet cert clean host.torproject.org
-`
-2. Clean the certificate on the client:
+        puppet cert clean host.torproject.org
 
-`find /var/lib/puppet/ssl -name host.torproject.org.pem -delete
-`
+ 2. Clean the certificate on the client:
 
-Then run the bootstrap script on the client from `tsa-misc/installer/puppet-bootstrap-client `
-and get a new checksum
+        find /var/lib/puppet/ssl -name host.torproject.org.pem -delete
 
-Run `tpa-puppet-sign-client` on the master and pass the checksum.
+ 3. Then run the bootstrap script on the client from
+    `tsa-misc/installer/puppet-bootstrap-client ` and get a new checksum
 
-The client will pick it up from there.
+ 4. Run `tpa-puppet-sign-client` on the master and pass the checksum
 
-Run `puppet agent -t` to have puppet running on the client again.
+ 5. Run `puppet agent -t` to have puppet running on the client again.
 
 # Reference