Sorry, I was inattentive when read your question the first time. I see the first error when you use -cn faceid-es is about an expired certificate.
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Sep 02 02:38:10 CST 2020
And the second error when you use -cn megauth-es is about an untrusted certificate.
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
I want to know if the certificate has a life cycle,If so, what is the life cycle?
You need to create or obtain new TLS certificates instead of the expired ones. All the certificates applied to the Elasticsearch nodes must be signed by the same root CA.
The certificate generated by online TLS certificate generator cannot be used in a production environment?
What’s the difference betwee online TLS certificate generator and TLS tool?
I advise against using the online TLS certificate generator for the production certificates. If you use the generator, it automatically creates the certificates and sends a link that you can use to download the certificates. It means that anyone who read your mail and got the link can download the certificates. The generator is for testing purposes.
I advise using the Search Guard TLS tool. You can tweak the certificate options in any way you want, and you generate the certificates locally in a secure environment.