Integration with Lego

[amandahla]

Bug Description

I'm adding this as an issue so it can be discussed.

While integrating Haproxy with Lego I found two issues:

1. The CSR is not found by Lego as described in here.
   Workaround: Manually change mode to UNIT. Is there a reason for APP being used instead?

2. Lego provides in the relation the certificate and the chain. Haproxy was set only with the certificate, causing this error while trying to access it via curl:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Workaround: So I manually copied the certificate and chain content and paste in the file /var/lib/haproxy/certs/ircbridge-internal.staging.canonical.com.pem

To Reproduce

Relate Haproxy with Lego

Environment

App                        Version  Status  Scale  Charm                     Channel      Rev  Exposed  Message
haproxy2                            active      1  haproxy                   2.8/edge     116  yes      
irc-bridge                          active      1  irc-bridge                latest/edge    9  yes      
lego                                active      1  lego                      4/edge        34  no       1/1 certificate requests are fulfilled
postgresql                 14.12    active      1  postgresql                14/stable    468  yes      
self-signed-certificates2           active      1  self-signed-certificates  latest/edge  234  no 

Relevant log output

...

Additional context

No response