Renew auto generated http certificates

If you want to use the existing HTTP CA, then I suspect you're going to need to use a separate tool to extract the CA certificate and key from the http.p12.

Both openssl and Java's keytool (which ships with Elasticsearch) can do this.

With keytool, the simplest option is probably to create a new PKCS#12 keystore that only contains the CA. You can do that with:

keytool -importkeystore -srckeystore http.p12 -destkeystore http_ca.p12 -srcalias http_ca

It will prompt (twice) for a destination password. You can use the same password as the source (http.p12) or a new password; it doesn't matter.

Then you can use http_ca.p12 to generate a new server certificate.

However, your HTTP CA is probably due to expire in a year as well, so you'll need to go through the process of generating a whole new CA at that time.

Sorry, CA management for clients is a pain, and there's only so much we can do to make it easier. I'll look at making it possible to use the HTTP CA without having to extract it from the http.p12 keystore, but that only helps a little. Eventually you need to have a process to manage your own certificates (or switch to Elastic Cloud and let us manage it for you).

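The flow described above as one script, added here as an example rather than code from the post or from Elasticsearch: it checks that the CA alias exists, copies only that entry into its own PKCS#12 store, reports how long the CA itself remains valid (so you know when the whole-new-CA step becomes due), and then issues a new server certificate. It assumes GNU date, bash or POSIX sh, placeholder paths, passwords and hostnames, and elasticsearch-certutil's `cert --ca` mode, which the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Everything below that names a
# path, password or hostname is a placeholder; adjust to your deployment.
set -eu

SRC_KS="${SRC_KS:-config/certs/http.p12}"   # auto-generated keystore (assumed path)
CA_KS="${CA_KS:-http_ca.p12}"                # CA-only keystore this script creates
CA_ALIAS="http_ca"                           # alias of the CA entry in http.p12
SRC_PASS="${SRC_PASS:-changeme}"             # placeholder: password of http.p12
CA_PASS="${CA_PASS:-changeme}"               # placeholder: password for http_ca.p12

# Days between now and an openssl "notAfter=<date>" line (GNU date assumed).
# Negative means the certificate has already expired.
days_left_from_not_after() {
  end=$(date -u -d "${1#notAfter=}" +%s)
  echo $(( (end - $(date -u +%s)) / 86400 ))
}

# Copy only the CA entry (certificate + private key) into its own PKCS#12
# store. The first keytool call fails fast if the alias is not present.
extract_http_ca() {
  keytool -list -keystore "$SRC_KS" -storepass "$SRC_PASS" -alias "$CA_ALIAS" >/dev/null
  keytool -importkeystore -srckeystore "$SRC_KS" -srcstorepass "$SRC_PASS" \
    -srcalias "$CA_ALIAS" -destkeystore "$CA_KS" -deststorepass "$CA_PASS" \
    -deststoretype PKCS12
}

# Remaining lifetime of the CA certificate itself: when this runs out, a new
# server certificate is not enough and the whole CA must be regenerated.
ca_days_left() {
  line=$(openssl pkcs12 -in "$CA_KS" -passin "pass:$CA_PASS" -nokeys 2>/dev/null \
    | openssl x509 -noout -enddate)
  days_left_from_not_after "$line"
}

main() {
  extract_http_ca
  echo "HTTP CA remains valid for $(ca_days_left) more days"
  # Issue a fresh server certificate signed by the extracted CA (assumed
  # certutil invocation; hostname is a placeholder).
  bin/elasticsearch-certutil cert --ca "$CA_KS" --ca-pass "$CA_PASS" \
    --name http --dns "es01.example.internal" --days 365 \
    --out http_new.p12 --pass "$SRC_PASS"
}

# Only run the full flow when explicitly asked, so the file can also be sourced.
if [ "${RUN_MAIN:-0}" = 1 ]; then main; fi
```

Run it from the Elasticsearch home directory with `RUN_MAIN=1 SRC_PASS=... CA_PASS=... sh renew_http.sh`; the resulting http_new.p12 is what you point `xpack.security.http.ssl.keystore.path` at after restarting.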