After the problem I indicated in the post I can't get Elastic and Kibana to work with real certificates I was finally able to understand the issue of needing to pass the --url in the command.
But now when I want to generate the renrollmemnt of kibana, a new error, which I am not able to get out of and from which I see a lot of literature, but it does not adapt to the situation.
root@elk2:~# systemctl restart elasticsearch.service && systemctl restart kibana root@elk2:~# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -url https://elk2.mydomain.ovh:9200 -vvv Unexpected http status  while attempting to determine cluster health. Will retry at most 5 more times. This tool will reset the password of the [elastic] user to an autogenerated value. The password will be printed in the console. Please confirm that you would like to continue [y/N]y Password for the [elastic] user successfully reset. New value: SoMePa$$w0rd root@elk2:~# /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url https://elk2.mydomain.ovh:9200 -vvvv Unexpected http status  while attempting to determine cluster health. Will retry at most 5 more times. Unable to create enrollment token for scope [kibana] ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore
[2022-10-24T07:05:34,618][INFO ][o.e.x.s.a.f.FileUserPasswdStore] [elk2] users file [/etc/elasticsearch/users] changed. updating users... [2022-10-24T07:05:34,620][INFO ][o.e.x.s.a.f.FileUserRolesStore] [elk2] users roles file [/etc/elasticsearch/users_roles] changed. updating users roles...
path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch network.host: elk2.endesarrollo.ovh xpack.security.enabled: true xpack.security.enrollment.enabled: true xpack.security.http.ssl: enabled: true key: certs/privkey.pem certificate: certs/fullchain.pem certificate_authorities: [ "certs/fullchain.pem", "certs/cacert.x1.pem", ] xpack.security.transport.ssl: enabled: true verification_mode: certificate #client_authentication: required key: certs/privkey.pem certificate: certs/fullchain.pem certificate_authorities: [ "certs/fullchain.pem", "certs/cacert.x1.pem", ] cluster.initial_master_nodes: ["elk2.endesarrollo.ovh"] http.host: 0.0.0.0