Comment 5 for bug 1745985

Digging a bit deeper into this.

I assume the certificate is changed through Keystone Charm. From your description I also assume you use the Keystone ssl_ca, ssl_cert and ssl_key charm configuration options to change the certificate.

The existing classic charms currently handles this by reloading Apache in their config-changed hook when SSL is enabled.

Question:
How does the other reactive OpenStack Charms (aodh, gnocchi, etc) currently behave when a certificate is changed in this manner? Do they require manual restart/reload of Apache too?

If the other reactive OpenStack Charms has the same issue but the classic OpenStack Charms does not I am inclined to ask the question if this should be handled in conjunction with the reactive keystone interface layer instead of in charm-helpers? (https://github.com/openstack/charm-interface-keystone/)