Hey everyone,
I currently have a self-managed Elastic Stack environment running over HTTP with:
-
Elasticsearch
-
Kibana
-
Fleet
-
Around 20 connected Elastic Agent instances
I want to migrate Elasticsearch from HTTP to HTTPS without breaking Fleet communication or reinstalling all agents.
My main concern is:
-
updating Fleet outputs safely
-
handling CA trust for existing agents
-
Fleet Server reconfiguration
-
avoiding re-enrollment of all endpoints
For people who already did this migration:
-
What’s the safest order of operations?
-
Did the existing agents reconnect automatically after updating Fleet output?
-
Is using CA fingerprint enough, or should I distribute the full CA cert?
-
Any common pitfalls I should watch for?