Comment 4 for bug 1912261

Nobuto Murata (nobuto) wrote :

For the record, I've tested patchset 5 in https://review.opendev.org/c/openstack/charm-vault/+/846235/5 (reload strategy) and confirmed it's working as expected on reloading the new cert.

Here is how I tested:

[current charm]

1. deploy Vault with ssl-cert, ssl-key (and optionally ssl-chain or ssl-ca)
2. check the valid date of the cert

$ curl -ksv https://localhost:8200/ |& grep 'expire date:'
* expire date: Apr 5 06:24:57 2021 GMT

3. upload a new cert/key with charm configs
4. check the valid date again

$ curl -ksv https://localhost:8200/ |& grep 'expire date:'
* expire date: Apr 5 06:24:57 2021 GMT
-> unchanged

[proposed charm]

3. upload a new cert/key with charm configs

$ juju config vault \
  ssl-cert="$(cat cert9.pem| base64)" \
  ssl-key="$(cat privkey9.pem| base64)" \
  ssl-chain="$(cat chain9.pem| base64)"

4. check the valid date again

$ curl -ksv https://localhost:8200/ |& grep 'expire date:'
* expire date: Jul 31 09:15:51 2022 GMT
-> updated as expected

5. double check Vault is unsealed still

$ vault status | grep Sealed
Sealed false
-> unsealed as expected since there was only a reload of the service instead of a restart.
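
The before/after check from the steps above, as an added shell example (not part of the original comment or of the charm). The function names are hypothetical and the sample captures are constructed from the values reported in the comment; it distinguishes "cert not reloaded" from "cert reloaded but Vault ended up sealed".

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample text is constructed.

# Print the expiry from `curl -v` diagnostic text read on stdin.
extract_expiry() {
    sed -n 's/^\*[[:space:]]*expire date:[[:space:]]*//p' | head -n 1
}

# Print the Sealed value ("true"/"false") from `vault status` text on stdin.
extract_sealed() {
    awk '$1 == "Sealed" { print $2; exit }'
}

# Live capture (not called below): curl's -v output goes to stderr.
capture_curl() {
    curl -ksv "${1:-https://localhost:8200/}" 2>&1 >/dev/null
}

# verify_reload BEFORE_CURL AFTER_CURL VAULT_STATUS
# 0 = cert changed and Vault unsealed, 1 = cert unchanged,
# 2 = Vault is sealed, 3 = input could not be parsed.
verify_reload() {
    before=$(printf '%s\n' "$1" | extract_expiry)
    after=$(printf '%s\n' "$2" | extract_expiry)
    sealed=$(printf '%s\n' "$3" | extract_sealed)
    if [ -z "$before" ] || [ -z "$after" ] || [ -z "$sealed" ]; then
        return 3
    fi
    [ "$before" != "$after" ] || return 1
    [ "$sealed" = "false" ] || return 2
    return 0
}

# Constructed captures, using the values reported in the comment.
BEFORE='* Server certificate:
* expire date: Apr 5 06:24:57 2021 GMT'
AFTER='* Server certificate:
* expire date: Jul 31 09:15:51 2022 GMT'
STATUS='Sealed false'

verify_reload "$BEFORE" "$AFTER" "$STATUS" &&
    echo "reload OK: new cert served, Vault still unsealed"
```

Against a live unit, pass the output of capture_curl taken before and after the juju config change, plus the output of vault status.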