replace expired certificate failed

searchguard/es: 5.3.0

  1. my cert is expired and i make a self-signed cert by example-pki-scripts. and i replace them for es cluster and sgtool too

when I restart the es cluster, then i was told: “index ‘searchguard’ not healthy yet, we try again … (Reason: no response)”, I wait 1 hour and still got that log, so:

  1. then I uninstall searchguard for removing the “searchguard” indice.

  2. then I reinstall searchguard again, and i was still told: “index ‘searchguard’ not healthy yet, we try again … (Reason: no response)”

  3. then I start to execute sgadmintool, and i was told:


ClusterBlockException[blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];]

at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(

at org.elasticsearch.action.admin.indices.stats.TransportIndicesStatsAction.checkGlobalBlock(

at org.elasticsearch.action.admin.indices.stats.TransportIndicesStatsAction.checkGlobalBlock(





it seems step into a dead cycle, I really have no idea about this problem. which cost me so many hours. I just wanna replace a new certificate. after my step 2, we can take the es cluster as its first time to use searchguard, why still failed? I cannot understand, could you guys/experts give me some help. its really strange