Vault and own ssl cert


in the documentation of vault and juju there are two ways of using vault one is to use it as a CA the other is to use it like an intermediate to a CA like let’s encrypt.

For my understanding, the second way is only possible if you generate a new certificate request with vault, have it signed and hand it back to vault again.

But what do you do if you already got a signed SSL cert for a domain, like from an early deployment or whatever.

I would like to have suggestions to issue that certificates to all charms that have like

Maybe I don’t get the full picture or so or my understanding is not right.

Help is really appreciated.