Kibana cannot reach elasticsearch

Hi all,

I am running a small single-node setup of opendistro running locally on docker. I use the offline-tls-tool from search-guard to generate my tls certificates using the following configuration:

ca:
  root:
    dn: CN=MyCompany Root CA,OU=MyCompany Root CA,O=MyCompany,L=test,C=de,DC=example,DC=com
    keysize: 2048
    pkPassword: none
    file: root-ca.pem
defaults:
  pkPassword: none
  generatedPasswordLength: 12
  nodesDn:
    - "CN=*.example.com,OU=Ops,O=MyCompany,L=test,C=de"
  httpsEnabled: true
  reuseTransportCertificatesForHttp: true
nodes:
  - name: esnode1
    dn: CN=node-0.example.com,OU=node,O=node,L=test,DC=de
    dns: node1.example.com
clients:
  - name: kibana
    dn: CN=kibana,OU=Ops,O=MyCompany,L=test,C=de
  - name: admin
    dn: CN=admin,OU=client,O=client,L=test,C=de
    admin: true

The single elasticsearch node starts up, then I update the security configuration with the command:

./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert ../../../config/root-ca.pem -cert ../../../config/admin.pem -key ../../../config/admin.key

which finishes successfully. I have not changed the configuration files for internal_users, roles, tenants etc.

I am at a loss then why I get the following error in the kibana docker logs:

log [09:03:50.049] [error][data][elasticsearch] Request error, retrying
GET https://esnode1:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => connect ECONNREFUSED 172.19.0.3:9200
log [09:03:55.048] [warning][data][elasticsearch] Unable to revive connection: https://esnode1:9200/
log [09:03:55.049] [warning][data][elasticsearch] No living connections

I think I am missing something fundamental, as I have zero to no experience with SSL/TLS certificates, so any help would be very appreciated.

Is your elasticsearch up and running, can you do a simple curl like to your ES cluster
https://escluster:9200/_cluster/health