It looks to me like you perhaps updated the CA, but you did not regenerate the new actual certificates (.p12s)... Just regenerating and updating the CA does not update the certificates, so they still have the original expiration date from when they were created.
Pretty sure you are going to need to regenerate / update the actual certs as well using the new CA following the next steps.
Sorry, sometimes people get confused between a CA and a certificate.
Did you do a rolling restart of the nodes?
And you are very careful that the new certs are exactly where they should be with correct file permissions and the yml is all correct? If one works they all should work. Usually it's a copy or something else.
Thanks for your response.
I checked the documents again. It seems like "elastic-stack-ca.p12" is the CA and "elastic-certificates.p12" is the certificate issued by CA.
In my case the "elastic-stack-ca.p12" was generated three years ago and the expiration date is Oct 2024. I need to regenerate the CA instead of using the old one because the expiration date will not change if I'm not using the new CA.
I will reference this guideline to regenerate the CA.
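
The check discussed in this thread, as an added example that is not part of any post above and is not Elastic's own tooling: it uses plain `openssl` to read the node certificate out of a PKCS#12 bundle, print its expiry, and test which CA actually signed it. All file names, the CN values and the password are constructed sample values; the script builds its own throwaway CA and node bundle so it runs offline.

```shell
#!/bin/sh
# Added example: every file name, CN and password below is a constructed sample value.
PASS=changeit

# Print the node (leaf) certificate held in PKCS#12 bundle $1 as PEM.
p12_leaf() {
  openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys -clcerts 2>/dev/null | openssl x509
}

# Print the leaf's notAfter date.
p12_leaf_enddate() { p12_leaf "$1" | openssl x509 -noout -enddate; }

# Succeed if the leaf in bundle $1 expires within $2 days.
p12_leaf_expires_within() {
  ! p12_leaf "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed only if the leaf in bundle $1 was signed by the CA certificate $2.
p12_leaf_issued_by() {
  p12_leaf "$1" > "$1.leaf.pem" &&
    openssl verify -CAfile "$2" "$1.leaf.pem" 2>/dev/null | grep -q ': OK$'
}

# Create a self-signed CA $1.pem / $1.key valid for $2 days.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
    -subj "/CN=example-ca" -days "$2" 2>/dev/null
}

# Rebuild the thread's situation in empty directory $1: a node bundle issued by
# the old CA, then a regenerated CA while the node bundle is left untouched.
build_scenario() (
  cd "$1" || exit 1
  make_ca old-ca 30 &&
  openssl req -newkey rsa:2048 -nodes -keyout node.key -out node.csr -subj "/CN=node" 2>/dev/null &&
  openssl x509 -req -in node.csr -CA old-ca.pem -CAkey old-ca.key -CAcreateserial \
    -out node.pem -days 30 2>/dev/null &&
  openssl pkcs12 -export -inkey node.key -in node.pem -certfile old-ca.pem \
    -out node.p12 -passout "pass:$PASS" &&
  make_ca new-ca 1095
)

demo() {
  dir=$(mktemp -d) && build_scenario "$dir" || return 1
  p12_leaf_enddate "$dir/node.p12"
  p12_leaf_issued_by "$dir/node.p12" "$dir/old-ca.pem" && echo "signed by old CA"
  p12_leaf_issued_by "$dir/node.p12" "$dir/new-ca.pem" || echo "not signed by new CA: reissue node cert"
}
demo
```

Against a real bundle, set `PASS` to the bundle's password and export the new CA certificate to PEM first; a node bundle that fails `p12_leaf_issued_by` for the new CA still carries the old certificate and its old expiry.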