I have a Step-CA instance from which I obtain certificates through lego's CLI. The CA is trusted on all nodes system-wide and the certificates are generated for their domains. Elasticsearch is configured to use these domains as its address as well.
The problem I'm running into, is a Java error complaining about No subject alternative names matching IP address [resolved IP] found. This should not be necessary however, right? I've seen this working on another Elasticsearch instance and there were no complaints. My only guess is that the problems stems from the domains only being configured in /etc/hosts (on all nodes including the CA of course).
#elastic-stack:elasticsearch