Comment 4 for bug 2064145

if this is encountered, there seems to be some collision from having two certificate authority charms in the cluster:

for instance

etcd may be related to easyrsa to provide certificates
calico, kubernetes-control-plane -- are related to vault for certificates

There's really no NEED for two certificate authorities. One should drive to use a SINGLE certificate authority source