Hi,

I deployed openstack using a self-signed certificate generated by kolla.

I am using the encryption both internally and externally.

Then I tried to use let's encrypt on the same platform, and it seemed to work, but only on the external URL of openstack (horizon portal).

Then I undeployed my openstack, and I tried to redeploy it again, this time Keystone couldn't be deployed, it complained about not being able to verify the self-signed certificate.

I had to disable the let's encrypt lines on the globals.yml to be able to deploy openstack.

My question is :

- Does using let's encrypt cover both internal and external traffic of openstack on all ports or just the 443?

- If it does, how to configure globals.yml , especially the lines concerning the certificates?

- If it does not, it covers only Horizon on 443, how could someone combine the use of self-signed to let's encrypt use? is it even possible?

Regards.