Comment 0 for bug 1921557

Steps to reproduce:

Prepare to bootstrap on localhost cloud as usual.
Run bootstrap command, note controller IP address in output
Run juju change-user-password, juju logout, then juju unregister
Run juju login [IP-ADDRESS]:17070 -c test_name --debug

This will prompt the user to decide whether they trust the CA fingerprint on 2.6.x and 2.7.x, debug output from 2.8.x is in an attachment.

Openssl s_client indicates that the CA certificate is not being sent by the server as part of its cert chain during the TLS handshake.