Secure ELK Stack with cloudflare wildcard SSL Failing on an ubuntu setup

I have a cloudflare wildcard ssl for my organization that i have configured on my elasticsearch and Kibana as follows:
'''''''''
Elasticsearch

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  key: certs/elk_elula/cf_privkey.pem
  certificate: certs/elk_elula/cf_fullchain.pem
  verification_mode: certificate
  certificate_authorities: ["/etc/elasticsearch/certs/elk_elula/cf_fullchain.pem"]


# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  key: certs/elk_elula/cf_privkey.pem
  certificate: certs/elk_elula/cf_fullchain.pem
  verification_mode: certificate
  certificate_authorities: ["/etc/elasticsearch/certs/elk_elula/cf_fullchain.pem"]

Kibana:
''''''''

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.elula.cloud/cf_fullchain.pem
server.ssl.key: /etc/kibana/certs/kibana.elula.cloud/cf_privkey.pem
server.ssl.certificateAuthorities: ["/etc/kibana/certs/kibana/cf_fullchain.pem"]
server.ssl.verification_mode: certificate

and its not working, when i curl i get this
''''''''
curl
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:
'''''''
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I have tried adding the RSA Cloudflare Root CA and ECC root CA with no joy

please help, been at it for many days

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.