Strange, we never had this issue before, so let’s try to debug. To clarify how the license handling works:
If you start Search Guard, and there is no valid license found in the Search Guard configuration index, we generate a trial license automatically. The start date would be the current date, and the license would run for 60 days.
If you update a valid license with sgadmin (by applying sg_config.yml which contains the license string) or upload the license via the API, the trial license in the SG index is replaced by the full one.
The API and sgadmin should prevent that a valid license is being overwritten with a trial license or an invalid license. Which means that once a license is applied, it should not be possible to overwrite it with trial.
I can only speculate at the moment, so I have a couple of questions. Your write:
“I just presumed it was due to my frequent resets of the data directory”
What do you mean by “resets of the data directory”? The SG configuration index is stored as any other index in the data directory of ES, so maybe this is the cause?
If your cluster with the license mismatch you described above is still up and running, could you please dump the current SG configuration with sgadmin? See “Backup and Restore” section in the sgadmin docs:
Please have a look at the dumped sg_config.yml file. Does it contain a license string? If so, can you Base64 decode it and check it’s content?