diff --git a/ansible/roles/neutron/templates/metadata_agent.ini.j2 b/ansible/roles/neutron/templates/metadata_agent.ini.j2
index 981d86c451f34b50960e941b77ec5d0b0a7ee5c9..1092545f13e97f723bf3f246e22033acae6a0b3c 100644
--- a/ansible/roles/neutron/templates/metadata_agent.ini.j2
+++ b/ansible/roles/neutron/templates/metadata_agent.ini.j2
@@ -1,6 +1,6 @@
 # metadata_agent.ini
 [DEFAULT]
 nova_metadata_host = {{ nova_internal_fqdn }}
-
 nova_metadata_port = {{ nova_metadata_port }}
 metadata_proxy_shared_secret = {{ metadata_secret }}
+nova_metadata_protocol = {{ internal_protocol }}
diff --git a/releasenotes/notes/bug-1864615-84b4b58ea57ecfe9.yaml b/releasenotes/notes/bug-1864615-84b4b58ea57ecfe9.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..50ccb634f0fae105ffe993a12915733a7c7b3610
--- /dev/null
+++ b/releasenotes/notes/bug-1864615-84b4b58ea57ecfe9.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fix protocol used by ``neutron-metadata-agent`` to connect to Nova metadata
+    service. This possibly affected internal TLS setup.
+    Fixes `LP#1864615 <https://bugs.launchpad.net/kolla-ansible/+bug/1864615>`__