I will summarize my weekend here, let me know If I'm making any imprecision.
- TLS (ssl => true) is mandatory, if you set ssl to false you will receive bad protocol errors
- You can create one certificate and use the same in Fleet, and in Logstash. The docs suggest to create 2: one for client (Fleet), one for server (Logstash). The Logstash one must have --ip or --dns set. The client one can omit those.
- The logstash hostname (what you set in Fleet hosts) must match with what you configure under --dns or --ip in the certificate or you will receive "bad certificate" error <= this is the root cause of the error, I wasnt setting --dns