Error Return code 21: SSL encryption between filebeat 5.2 and kafka 1.0 (self signed)

OK, so openssl connects OK, which suggests kafka is correctly configured. Running out of ideas here. Searching throws up a number of other occurrences of this (e.g. this, this, and this).

Can you remove the non-SSL entry from advertised listeners?