All filebeat instances using the same config.
logstash logs are empty.
i went through curl man page and found only ssl2, ssl3 and tls1 options and with all those options, i am ending up with same error.
I made a test in my local instance.
I started logstash with old certificate and used curl to connect and failed.
Then i created a new certificate following the same process, started logstash with new certificate and tried connecting with curl. And curl succesfully made ssl handshake, just to test i used ssl2, ssl3 and tls1 options with curl to connect and it failed in first two cases and established handshake with tls1.
From this i am deducing, on jun3 when i first created old certificate, openssl is using some ssl3 version, and when i copied that certificate and tried curl, it worked. But later ssl version got upgraded somehow to tls1 and as there is no data for some period of time, so filebeat dropped connection to logstash and when new data came, filebeat tried establishing connection but couldn't, as ssl version got changed, and thats the reason why i couldnt curl with that certificate currently. And when i create a new certificate now. It created with latest tls1 version and now with that certificate, filebeat could establish connection to logstash.
However, this is a complete guess, as i dont know how much this could be true and how I can prove this theory.