Docker services use their internal DNS to resolve "elasticsearch", so I can point kibana at "https://elasticsearch:9200".
The problem is, I have to set verification mode to "certificate" because the https certificate is for my domain, not for "elasticsearch".
I googled "subject alternative names" and it doesn't look like I can generate a certificate (I'm using letsencrypt) for "elasticsearch" - because anyone could do that!
So, if I'm using docker, and dns resolution is via docker, must we always use certificate instead of full? Or is there something else I'm missing?