PEM formatted certificates contain DER encoded data so code eventually needs to parse the DER structure. See this awesome reply from Tim regarding certificate encoding, formatting, etc.
I'm not arguing against that, I'm only saying what your logs are implying.
- What Java version are you using in your other Elasticsearch installation?
- Can you try and run this Elasticsearch instance with Java 11 ?
- Can you try and run your other Elasticsearch installation with Java 12 ?
Not sure what else to suggest without being able to test against your certificate/key.