Comment 5 for bug 1863972

Understood. Just to clarify, I'm still not in "production" with Kolla yet. For production I will be using Let's Encrypt certificates and not self-signed. So what you are saying is that I need to set the internal certificate option in globals to "no" and try with only external enabled?