Elasticsearch 8.8 cluster with self signed certificates


I have just setup Elasticsearch 8.8 cluster with self signed certificates and created an index for nextcloud

The credentials I have to put into full text admin page are as follows


When I reset

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:reset

And recreate the index on the Nextcloud server

sudo -u www-data php /var/www/html/nextcloud/occ fulltextsearch:index

It gives me an untrusted cert error.

In CurlFactory.php line 211:
cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://els-cluster:92  

Is there any way to add an --insecure parameter to the credentials for Nextcloud?



So I can use the following cURL command

curl -kX GET "https://elastic:PASSWORD-HERE@els-cluster:9200"

from the terminal which works fine but I cannot find an equivalent to put into the Elasticsearch admin page for Nextcloud.

Elastic Search

Address of the Servlet:
Include your credential in case authentication is required

Adding the .p12 self signed certificates created by Elasticsearch into /etc/ssl/certs on the Nextcloud server and running

sudo update-ca-certificates

did not help. Neither did converting them to .pem and repeating the process.

Didn’t think this process would be as hard as it is proving to be.

I’m experiencing the same exact issue, did you figure out a solution? It seems pretty ridiculous that you can’t use a TLS secured Elasticsearch instance with Nextcloud.

Not yet.

The error states it comes from

CurlFactory.php line 211:

Which is useful. That file is located at (on my system at least)


But the code in it doesn’t really mean anything to me.

I have tried playing about with some options in there but not had any luck so far.


Some more reading seems to point me in the direction of a piece of software called ‘guzzle

The solution might be to figure out which file under


allows for the disabling of SSL verification.


That’s a great start I most say.

The program those use the guzzlehttp (apparently) and yes we are looking to disable the SSL verification (which I don’t recommend) so it could run curl which seems to be difficult. So the real question is there away to turn off the verification process?

could possibly be, that by going to apps/fulltextsearch_elasticsearch/vendor/elasticsearch/elasticsearch/src/ and viewing the file ClientBuilder

private bool $sslVerification = true; ? could this be missing link ?