Readiness probe is failing because of bad SSL

[iRakic]

Chart version:
8.5.1
Kubernetes version:
v1.25.5
Kubernetes provider:
K8s (on prem / bare metal)
Helm Version:
"v3.9.4"

values.yaml

---
antiAffinity: "soft"

# Shrink default JVM heap.
esJavaOpts: "-Xmx128m -Xms128m"

resources:
  requests:
    cpu: "1000m"
    memory: "6Gi"
  limits:
    cpu: "2000m"
    memory: "6Gi"

volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  storageClassName: cstor-disk-pool
  resources:
    requests:
      storage: 20Gi

protocol: https

service:
  enabled: true
  labels: {}
  labelsHeadless: {}
  type: ClusterIP
  # Consider that all endpoints are considered "ready" even if the Pods themselves are not
  # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
  publishNotReadyAddresses: false
  nodePort: ""
  annotations: {}
  httpPortName: http
  transportPortName: transport
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  externalTrafficPolicy: ""

updateStrategy: RollingUpdate

podSecurityContext:
  fsGroup: 1000
  runAsUser: 1000

securityContext:
  capabilities:
    drop:
      - ALL
  # readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate

Provide logs and/or server output (if relevant):

Events:
  Type     Reason     Age                     From     Message
  ----     ------     ----                    ----     -------
  Warning  Unhealthy  2m13s (x19360 over 3d)  kubelet  Readiness probe failed: Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )
Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )

Inside the pod (exec):
It's failing with https because the certificate is invalid:

[1] 144779
elasticsearch@elasticsearch-master-0:~$ curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

On http it's not working as well:

elasticsearch@elasticsearch-master-0:~$ curl http://localhost:9200/_cluster/health?wait_for_status=green&timeout=1s
[1] 144849
elasticsearch@elasticsearch-master-0:~$ curl: (52) Empty reply from server

[iRakic]

I have created a pull request to address this: #1774