Some of the SSL files are missing when binding to multiple spaces

Bug #1727752 reported by Tytus Kurek
This bug affects 1 person
Affects        Status  Importance  Assigned to  Milestone
Charm Helpers  New     Undecided   Unassigned

Bug Description

OpenStack control services have been deployed based on charms from the 17.08 release in a juju environment with the following spaces:

tytus@maas:~$ juju spaces
Space               Subnets
openstack-admin     10.24.111.0/24
openstack-internal  10.24.112.0/24
openstack-public    10.24.113.0/24

All of them were bound to the above spaces using the following statement in the bundle:

bindings:
  admin: "openstack-admin"
  internal: "openstack-internal"
  public: "openstack-public"

Later on, SSL options were set, which resulted in the following state:

<service>/<unit>* blocked idle 0/lxd/4 10.24.110.187 8776/tcp Services not running that should be: apache2

Debugging reveals the following:

root@juju-8072c7-0-lxd-4:~# service apache2 status
 * apache2 is not running

root@juju-8072c7-0-lxd-4:~# service apache2 start
 * Starting web server apache2 *
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/openstack_https_frontend.conf:
SSLCertificateFile: file '/etc/apache2/ssl/cinder/cert_10.24.111.13' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.

root@juju-8072c7-0-lxd-4:~# cat /etc/apache2/sites-enabled/openstack_https_frontend.conf
Listen 8766
<VirtualHost 10.24.111.42:8766>
    ServerName 10.24.111.13
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/cinder/cert_10.24.111.13
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/cinder/cert_10.24.111.13
    SSLCertificateKeyFile /etc/apache2/ssl/cinder/key_10.24.111.13
    ProxyPass / http://localhost:8756/
    ProxyPassReverse / http://localhost:8756/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 10.24.112.42:8766>
    ServerName 10.24.112.13
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/cinder/cert_10.24.112.13
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/cinder/cert_10.24.112.13
    SSLCertificateKeyFile /etc/apache2/ssl/cinder/key_10.24.112.13
    ProxyPass / http://localhost:8756/
    ProxyPassReverse / http://localhost:8756/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 10.24.113.42:8766>
    ServerName 10.24.113.13
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/cinder/cert_10.24.113.13
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/cinder/cert_10.24.113.13
    SSLCertificateKeyFile /etc/apache2/ssl/cinder/key_10.24.113.13
    ProxyPass / http://localhost:8756/
    ProxyPassReverse / http://localhost:8756/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
<Location />
    Order allow,deny
    Allow from all
</Location>

The following set of actions fixes the problem:

root@juju-8072c7-0-lxd-4:~# cd /etc/apache2/ssl/<service>
root@juju-8072c7-0-lxd-4:/etc/apache2/ssl/cinder# cp cert_10.24.112.13 cert_10.24.111.13
root@juju-8072c7-0-lxd-4:/etc/apache2/ssl/cinder# cp cert_10.24.112.13 cert_10.24.113.13
root@juju-8072c7-0-lxd-4:/etc/apache2/ssl/cinder# cp key_10.24.112.13 key_10.24.111.13
root@juju-8072c7-0-lxd-4:/etc/apache2/ssl/cinder# cp key_10.24.112.13 key_10.24.113.13
root@juju-8072c7-0-lxd-4:/etc/apache2/ssl/cinder# service apache2 start
 * Starting web server apache2 *

Services which are affected:

ceilometer
cinder
glance
neutron-api
nova-cloud-controller

No time to attach logs.
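
A pre-flight check for the failure shown above, as an added example that is not part of the original report or of charm-helpers: it scans a vhost file for SSLCertificateFile, SSLCertificateChainFile and SSLCertificateKeyFile directives and lists those whose target is missing or empty, the condition apache2's configtest rejected. The function names, the `root` staging parameter and the sample config are assumptions made for the example.

```python
import os
import re
import tempfile

# Directives whose argument must be an existing, non-empty file for
# apache2's configtest to pass.
SSL_FILE_DIRECTIVE = re.compile(
    r"^\s*(SSLCertificateFile|SSLCertificateChainFile|SSLCertificateKeyFile)\s+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def missing_ssl_files(conf_text, root="/"):
    """Return sorted (directive, path) pairs whose file is absent or empty.

    `root` (hypothetical parameter) is prepended to each path so the check
    can run against a staging directory instead of the live filesystem.
    """
    problems = set()
    for directive, path in SSL_FILE_DIRECTIVE.findall(conf_text):
        path = path.strip("\"'")
        on_disk = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(on_disk) or os.path.getsize(on_disk) == 0:
            problems.add((directive, path))
    return sorted(problems)


def demo():
    """Reproduce the reported state in a temp dir: only the .112 pair exists."""
    # Constructed sample: trimmed from the vhost file quoted in the report.
    conf = "\n".join(
        "<VirtualHost 10.24.%d.42:8766>\n"
        "    SSLCertificateFile /etc/apache2/ssl/cinder/cert_10.24.%d.13\n"
        "    # comment lines are ignored\n"
        "    SSLCertificateKeyFile /etc/apache2/ssl/cinder/key_10.24.%d.13\n"
        "</VirtualHost>" % (n, n, n)
        for n in (111, 112, 113)
    )
    with tempfile.TemporaryDirectory() as root:
        ssl_dir = os.path.join(root, "etc/apache2/ssl/cinder")
        os.makedirs(ssl_dir)
        for name in ("cert_10.24.112.13", "key_10.24.112.13"):
            with open(os.path.join(ssl_dir, name), "w") as fh:
                fh.write("placeholder\n")  # constructed, not real key material
        return missing_ssl_files(conf, root=root)


if __name__ == "__main__":
    for directive, path in demo():
        print("%s: %s does not exist or is empty" % (directive, path))
```

Run against the real file with `missing_ssl_files(open("/etc/apache2/sites-enabled/openstack_https_frontend.conf").read())` before restarting apache2; an empty list means every referenced certificate and key is present.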
