Fleet server installation issue with TLS and certificates

Hello Elastic

I have some issue with a new Fleet installation.

I'm trying to add the fleet server into my Kibana.

I have scp over the http_ca.crt from the Elastic to my Fleet server.

But there is something I have missing? I'm not the bust guy with certificates, but I guess I can use the standard http_ca.crt.

Elasticsearch: 192.168.1.10
Fleet server: 192.168.1.11

~/elastic-agent-8.15.3-linux-x86_64$ sudo ./elastic-agent install --fleet-server-es=https://192.168.1.10:9200 --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE3MzAxOTU4MzA0NTI6ay1MQWxwQzNTdHlqR1RRSmJnZURvZw --fleet-server-policy=fleet-server-policy --fleet-server-port=8220 --certificate-authorities=/etc/elasticsearch/http_ca.crt
[sudo] password for elk:
Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:y
[ =] Service Started [25s] Elastic Agent successfully installed, starting enrollment.
[= ] Waiting For Enroll... [27s] {"log.level":"info","@timestamp":"2024-10-29T12:16:23.243Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.(*enrollCmd).prepareFleetTLS","file.name":"cmd/enroll_cmd.go","file.line":435},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
[ =] Waiting For Enroll... [28s] {"log.level":"info","@timestamp":"2024-10-29T12:16:24.242Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.(*enrollCmd).daemonReloadWithBackoff","file.name":"cmd/enroll_cmd.go","file.line":481},"message":"Restarting agent daemon, attempt 0","ecs.version":"1.6.0"}
[=== ] Waiting For Enroll... [30s] {"log.level":"info","@timestamp":"2024-10-29T12:16:26.245Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.waitForFleetServer.func1","file.name":"cmd/enroll_cmd.go","file.line":774},"message":"Waiting for Elastic Agent to start","ecs.version":"1.6.0"}
[=== ] Waiting For Enroll... [34s] {"log.level":"info","@timestamp":"2024-10-29T12:16:30.250Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.waitForFleetServer.func1","file.name":"cmd/enroll_cmd.go","file.line":824},"message":"Fleet Server - Error - failed version compatibility check with elasticsearch: tls: failed to verify certificate: x509: certificate signed by unknown authority","ecs.version":"1.6.0"}
[ =] Waiting For Enroll... [2m28s] Error: fleet-server failed: timed out waiting for Fleet Server to start after 2m0s
For help, please see our troubleshooting guide at Troubleshoot common problems | Fleet and Elastic Agent Guide [8.15] | Elastic
[= ] Uninstalled [2m30s] Error uninstalling. Printing logs
2024-10-29T12:18:24.639Z DEBUG [install] Loaded configuration from /home/elk/elastic-agent-8.15.3-linux-x86_64/elastic-agent.yml
2024-10-29T12:18:24.639Z DEBUG [install] Merged configuration from /home/elk/elastic-agent-8.15.3-linux-x86_64/elastic-agent.yml into result
2024-10-29T12:18:24.639Z DEBUG [install] Merged all configuration files from [/home/elk/elastic-agent-8.15.3-linux-x86_64/elastic-agent.yml], no external input files
2024-10-29T12:18:24.640Z DEBUG [install.composable] Starting controller for composable inputs
2024-10-29T12:18:24.640Z DEBUG [install.composable] Started controller for composable inputs
2024-10-29T12:18:24.640Z DEBUG [install.composable] kubernetes_secrets provider skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-10-29T12:18:24.640Z DEBUG [install.composable] Variable state changed for composable inputs; debounce started
2024-10-29T12:18:24.640Z DEBUG [install.composable] Kubernetes leaderelection provider skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-10-29T12:18:24.640Z INFO [install.composable.providers.docker] Docker provider skipped, unable to connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
2024-10-29T12:18:24.640Z DEBUG [install.composable.providers.kubernetes] Kubernetes provider for resource pod skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-10-29T12:18:24.640Z DEBUG [install.composable.providers.kubernetes] Kubernetes provider for resource node skipped, unable to connect: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2024-10-29T12:18:24.740Z DEBUG [install.composable] Computing new variable state for composable inputs
2024-10-29T12:18:24.740Z DEBUG [install.composable] Stopping controller for composable inputs
2024-10-29T12:18:24.841Z DEBUG [install.composable] Stopped controller for composable inputs
Error: enroll command failed for unknown reason: exit status 1
For help, please see our troubleshooting guide at Troubleshoot common problems | Fleet and Elastic Agent Guide [8.15] | Elastic
~/elastic-agent-8.15.3-linux-x86_64$

From the fleet server this works fine

curl -k --cacert /etc/elasticsearch/http_ca.crt https://192.168.1.10:9200 -u elastic:test123

Hi, where is the CA coming from?
Maybe these links help: Troubleshoot common problems | Fleet and Elastic Agent Guide [8.16] | Elastic
Configure SSL/TLS for self-managed Fleet Servers | Fleet and Elastic Agent Guide [8.16] | Elastic