SOLUTION:
So the problem was invalid private key. I set up debug log level for logstash in logstash.yml:
log.level: debug
Then, in all debug messages, there was message about invalid private key. At first, this should be mentioned, according to me, in INFO logs. The certificate, as I mentioned above, is valid, but the format of certificate was wrong. So from documentation of input beats:
SSL key to use. NOTE: This key need to be in the PKCS8 format, you can convert it with OpenSSL for more information.
So I change format with:
openssl pkcs8 -topk8 -nocrypt -in instance.key -out instance.key.pkcs8
And change my configuration of input beats:
input {
beats {
port => 5000
ssl => true
ssl_certificate => "/ssl/instance.crt"
ssl_key => "/ssl/instance.key.pkcs8"
}
}
Than it starts to work. Everywhere in cluster (filebeat, elasticsearch) was this cert valid, but for logstash, there must be different format.