Comment 9 for bug 1805178

Andreas fixed that in 2.4.49+dfsg-2ubuntu1 [Focal] which started to have profile in openldap and include ssl_cert which (as Christian Bolz outlined above) do include those paths.

# grep ssl_c /etc/apparmor.d/usr.sbin.slapd
  #include <abstractions/ssl_certs>

# grep enc /etc/apparmor.d/abstractions/ssl_certs
  /etc/letsencrypt/archive/*/cert*.pem r,
  /etc/letsencrypt/archive/*/chain*.pem r,
  /etc/letsencrypt/archive/*/fullchain*.pem r,

Fixed Focal onwads, and since users can modify the local overrides if needed I'm not sure how important an SRU of the same is (changing isolation in SRUs is discouraged AFAIK).