You are quoting the documentation for xpack.security.transport.ssl.verification_mode. That has three options (full, certificate, none). As I understand it, xpack.monitoring.elasticsearch.ssl.verification_mode has only two (certificate, which really means full, and none). And yes, folks are aware that this is confusing, but once you have made a less than perfect choice naming something it tends to be pretty hard to fix it without blowing up the installed base.