SSL - "no cipher suites in common"

I'm relatively new to setting up SSL. I have my jks keystore file (generated using letsencrypt--see below).

sudo su yum install git git clone cd letsencrypt ./letsencrypt-auto --agree-dev-preview --server certonly -d -v --debug cd /etc/elasticsearch/shield keytool -importcert -keystore myTest.jks -file /etc/letsencrypt/live/ -alias myTest

Then I setup SSL in my elasticsearch.yml file like so:

... shield.ssl.keystore.path: path/to/myTest.jks shield.ssl.keystore.password: superCoolPassword shield.ssl.keystore.key_password: superCoolPassword shield.transport.ssl: true shield.http.ssl: true shield.ssl.ciphers: ["TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"]
Note: I should mention, in order to get elasticsearch to bind, I've set my hosts file to direct from to my ip address.

My log:

[2016-04-18 15:26:44,421][WARN ][shield.transport.netty ] [hybrid-0] Caught exception while handling client http traffic, closing connection [id: 0xfbe6e53b, / => /] no cipher suites in common at at at at at at org.jboss.netty.handler.ssl.SslHandler.unwrap( at org.jboss.netty.handler.ssl.SslHandler.decode( at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode( at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived( at at at$DefaultChannelHandlerContext.sendUpstream( at org.jboss.netty.handler.ipfilter.IpFilteringHandlerImpl.handleUpstream( at at at at at at at at at at at org.jboss.netty.util.internal.DeadLockProofWorker$ at java.util.concurrent.ThreadPoolExecutor.runWorker( at java.util.concurrent.ThreadPoolExecutor$ at Caused by: no cipher suites in common at at at at at at at at at$ at$ at Method) at$ at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks( at org.jboss.netty.handler.ssl.SslHandler.unwrap( ... 21 more

I am not familiar with lets encrypt but my first guess would be that you are missing a key in your keystore since it looks like you only imported a certificate. If you do a keytool -list -keystore myTest.jks, do you have a privateKeyEntry?

You are exactly right--my private key was missing. And here are the steps I found to fix it. If you have better ones please feel free to provide.