Comment 2 for bug 1938961

Olaf Herman (olafher) wrote:

The final Let's Encrypt certificate chain is copied to /etc/ssl/private (see https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/tasks/haproxy_ssl_letsencrypt.yml#L106), a directory no longer being used as it was replaced by /etc/haproxy/ssl.

A hotfix for the certificate not working is to change `dest` for `Create new pem file for haproxy` in (haproxy_server role, usually in /etc/ansible/roles/haproxy_server)/tasks/haproxy_ssl_letsencrypt.yml to `"{{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_external_lb_vip_address }}.pem"`.
And then of course run `openstack-ansible /opt/openstack-ansible/playbooks/haproxy-install.yml`.

Note that this hotfix will overwrite the self-signed and automatically generated certificate originally stored there.