Comment 3 for bug 2051569

Also in the designate_2 log:

The timestamps for the cert_designate.silo5:

2024-01-28 01:35:59 DEBUG unit.designate/2.juju-log server.go:325 certificates:126: Writing file /etc/apache2/ssl/designate/cert_designate.silo5.lab1.solutionsqa root:designate 640
2024-01-28 01:35:59 DEBUG unit.designate/2.juju-log server.go:325 certificates:126: Writing file /etc/apache2/ssl/designate/key_designate.silo5.lab1.solutionsqa root:designate 640

vs when the apache unit tried to restart:

Jan 28 01:35:35 juju-f7587a-5-lxd-3 systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Jan 28 01:35:35 juju-f7587a-5-lxd-3 systemd[1]: apache2.service: Failed with result 'exit-code'.
Jan 28 01:35:35 juju-f7587a-5-lxd-3 systemd[1]: Failed to start The Apache HTTP Server.

e.g. the certs were written after that attempt to start the apache2 server. Then it was marked inactive: in the sysd journal:

Jan 28 01:35:35 juju-f7587a-5-lxd-3 systemd[1]: apache2.service: Failed with result 'exit-code'.
Jan 28 01:35:35 juju-f7587a-5-lxd-3 systemd[1]: Failed to start The Apache HTTP Server.
...

Jan 28 01:36:08 juju-f7587a-5-lxd-3 systemd[1]: apache2.service: Unit cannot be reloaded because it is inactive.
...
Jan 28 01:38:27 juju-f7587a-5-lxd-3 systemd[1]: apache2.service: Unit cannot be reloaded because it is inactive.

I'm guessing there is a logic error between when the apache conf files are written with the cert files, and when the files are written, with an apache2 restart in-between them.