I have Kibana 7.5.1 running on Docker and certificates being managed by Vault (short lived certificates) in our environment. I noticed that when Vault replace the certificate and private_key files, Kibana is not aware of that and continues to serve the expired certificates.
How can I signal Kibana to reload the certificates without a full restart? I've tried SIGHUP and it only reloads the config file.
Here's the error that shows up in the logs when I try to connect to Kibana after the certificate files have been replaced by Vault.
{"type":"error","@timestamp":"2020-01-08T21:41:49Z","tags":["connection","client","error"],"pid":10585,"level":"error","error":{"message":"140388375709568:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 42\n","name":"Error","stack":"Error: 140388375709568:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 42\n"},"message":"140388375709568:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 42\n"}