Is it possible to use both a real certificate + key so it resolves to a public domain name, and a self-signed certificate + key with CA that signed it (as the docs show), so that I can have the best of both worlds?
Publicly I would be able to visit this on https by it's domain name, and then Kibana could use full verification mode when talking to Elasticsearch internally within docker.