Configured ELK Basic TLS Security

Hi,

I have been able to follow the documentation and generate my own certificates and used them in Elasticsearch for Transport and HTTP security. Elasticsearch is up and running. I have also been able to establish connection from Kibana to the manually configured secure Elasticsearch. However when I am trying to run

elasticsearch-create-enrollment-token -s kibana

I am getting:
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate

The reason I wanted to configure the security and generate new certificates is because the default auto configuration stops working when elasticsearch is restarted a day later or so.

Any idea how I can sort out the error with the enrollment token

Thanks

Hello. Would you be able to give details about how or why the default auto configuration stops working when elasticsearch is restarted a day later or so? Is it possible the hostname is changing? Thank you.

It was IP address changing issue. (if I stick with the auto configuration done by ES)

However I would still like to know why on configuring security manually (by following the TLS and HTTP security documentation) results in:

Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate

Thanks