Comment 1 for bug 1700691

Jacek Nykis (jacekn) wrote :

Self-signed SSL certs are, generally speaking, a bad idea and they pose problems to operators.
The solution you propose does not solve the problem fully - you still have to ship certs around; the difference is that you use "juju config" to do that rather than "juju scp".

I think much better solutions to this problem could be:
1. Non-SSL metrics endpoint support in juju. See LP1671764
2. Small proxy charm, similar to https://jujucharms.com/u/axwalk/juju-introspection/
3. Add option to juju to use valid SSL cert
4. Relation support in juju controllers so that we can relate prometheus to it and get SSL cert using "the juju way"

IMO option 1 is the simplest one from the prometheus perspective but unfortunately it depends on the juju team.
Another one worth looking into is option 2. The charm is nearly there, it probably needs some testing and improvements.

Adding a new charm option to the prometheus charm to work around juju limitations is IMO the wrong approach. If we get it fixed in juju then everybody benefits, including people who run non-juju deployed prometheus.

Having said that, if you disagree and are willing to add this new option to the charm, I think we can merge it in.