After the problem I indicated in the post I can't get Elastic and Kibana to work with real certificates I was finally able to understand the issue of needing to pass the --url in the command.
But now when I want to generate the renrollmemnt of kibana, a new error, which I am not able to get out of and from which I see a lot of literature, but it does not adapt to the situation.
root@elk2:~# systemctl restart elasticsearch.service && systemctl restart kibana
root@elk2:~# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -url https://elk2.mydomain.ovh:9200 -vvv
Unexpected http status [401] while attempting to determine cluster health. Will retry at most 5 more times.
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: SoMePa$$w0rd
root@elk2:~# /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url https://elk2.mydomain.ovh:9200 -vvvv
Unexpected http status [401] while attempting to determine cluster health. Will retry at most 5 more times.
Unable to create enrollment token for scope [kibana]
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore
Log elastic
[2022-10-24T07:05:34,618][INFO ][o.e.x.s.a.f.FileUserPasswdStore] [elk2] users file [/etc/elasticsearch/users] changed. updating users...
[2022-10-24T07:05:34,620][INFO ][o.e.x.s.a.f.FileUserRolesStore] [elk2] users roles file [/etc/elasticsearch/users_roles] changed. updating users roles...
Config elastic
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: elk2.endesarrollo.ovh
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
key: certs/privkey.pem
certificate: certs/fullchain.pem
certificate_authorities: [
"certs/fullchain.pem",
"certs/cacert.x1.pem",
]
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
#client_authentication: required
key: certs/privkey.pem
certificate: certs/fullchain.pem
certificate_authorities: [
"certs/fullchain.pem",
"certs/cacert.x1.pem",
]
cluster.initial_master_nodes: ["elk2.endesarrollo.ovh"]
http.host: 0.0.0.0
Apreciate help.