When MAAS CLI is used to configure TLS, it updates configuration in the database. After database values are changed, trigger will raise NOTIFY event, and all regiond services will handle it (using PostgreSQL LISTEN). Once handled, regiond service will render correct nginx config file and restart nginx.
There is a chance when regiond might miss that event:
1. regiond is starting. On start it reads existing config
*it takes some time to start up all the services
2. CLI used to configure TLS. DB values are updated and NOTIFY executed.
* regiond is not yet in the state where it "subscribed" to events with LISTEN command.
Possible workarounds:
1. Ensure that regiond is fully started and retry CLI command
2. Restart MAAS. It will pick up new values on start.
*** note to bug council *** @troyanov would like to discuss this with the bug council when they meet.