For comparison, Elasticsearch supports both (e.g. in the instructions on this page: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/configuring-tls.html).

I use Apache's mod_md to automatically get and renew certificates from Let's Encrypt. Like certbot and other tools, it creates certificates in PEM format.

While I can add a hook to convert to PKCS#12 format and then to keystore format (using commands from this blog post, for example), it would be simpler to just point readonlyrest.yml to the certificates in PEM format.

@jpmckinney please check out this: https://docs.readonlyrest.com/elasticsearch#using-lets-encrypt

@coutoPL Yes, I already do those steps. It would be nice to just be able to use the original PEM files instead of converting to PKCS12. It's nice that converting to JKS Keystore is (now) optional.

hi @jpmckinney this is supported starting from ROR 1.44.0