I have SSL enabled in kibana using "server.ssl.cert: /etc/opt/zookeeper/kafkapoc.pem" (and the associated key is also set). This works just fine and uses SSL. However, I just configured logrotate and when I send SIGHUP to the kibana process it logs that it is going to reconfigure logging and then exits
/usr/share/kibana/src/server/config/config.js:116
throw results.error;
^
ValidationError: child "server" fails because [child "ssl" fails because ["cert" is not allowed]]
at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:140:17)
at internals.Any._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:649:25)
at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:102:23)
at Config._commit (/usr/share/kibana/src/server/config/config.js:113:35)
at Config.set (/usr/share/kibana/src/server/config/config.js:84:10)
at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:57:10)
I can change logrotate to do stop/start to workaround this. I recently installed xpack and told it not to enable security (since I already had SSL enabled in my whole ELK / kafka / zookeeper environment. I am not sure if this happens without xpack. Anyways it seems wrong that restart does validation not done on startup.