diff --git a/changelogs/client_server/3681.clarification b/changelogs/client_server/3681.clarification
new file mode 100644
index 00000000..f7c29003
--- /dev/null
+++ b/changelogs/client_server/3681.clarification
@@ -0,0 +1 @@
+Fix broken syntax in Server Access Control Lists definition.
\ No newline at end of file
diff --git a/data/event-schemas/schema/m.room.server_acl.yaml b/data/event-schemas/schema/m.room.server_acl.yaml
index 3a7128f0..744e5231 100644
--- a/data/event-schemas/schema/m.room.server_acl.yaml
+++ b/data/event-schemas/schema/m.room.server_acl.yaml
@@ -16,11 +16,11 @@ description: |-
   the following order:
 
   1. If there is no `m.room.server_acl` event in the room state, allow.
-  #. If the server name is an IP address (v4 or v6) literal, and `allow_ip_literals`
+  2. If the server name is an IP address (v4 or v6) literal, and `allow_ip_literals`
      is present and `false`, deny.
-  #. If the server name matches an entry in the `deny` list, deny.
-  #. If the server name matches an entry in the `allow` list, allow.
-  #. Otherwise, deny.
+  3. If the server name matches an entry in the `deny` list, deny.
+  4. If the server name matches an entry in the `allow` list, allow.
+  5. Otherwise, deny.
 
   **Note:**
   Server ACLs do not restrict the events relative to the room DAG via authorisation