Comment 1 for bug 1871428

A workaround for the issue:

1. get the key and certificates from /etc/apache2/ssl/nova/cert_nova.<domain> and /etc/apache2/ssl/nova/key_nova.<domain>
2. use the deprecated console-ssl- options:
juju config nova-cloud-controller \
    console-ssl-cert="$(base64 cert_nova.<domain>)" \
    console-ssl-key="$(base64 key_nova.<domain>)"

This will overwrite the nova.conf entries with the specified certificate and key:
[DEFAULT]
...
cert=/etc/nova/ssl/nova_cert.pem
key=/etc/nova/ssl/nova_key.pem

The internal / admin / public TLS endpoints will be still terminated by apache, so this change won't affect nova service rest interfaces, only the consoleauth will pick up the setting:

nova 1913397 0.0 0.0 296568 104316 ? Ss 12:44 0:03 /usr/bin/python3 /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf --log-file=/var/log/nova/nova-consoleauth.log