Comment 4 for bug 1893847

One more thing to make clear, the problem only occurs with auto-generate-root-ca-cert set to true (and/or the deprecated setting, totally-unsecure-auto-unlock set to true).

The workaround is to set the above to False at deploy time and run the post-deployment actions on vault as documented in [0] and [1].

[0] https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-vault.html
[2] https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html