Expected a single certificate but found – How to solve this Elasticsearch exception

Opster Team

August-23, Version: 7.7-8.9

Briefly, this error occurs when Elasticsearch expects a single SSL certificate for secure communication but finds multiple or none. This could be due to incorrect configuration or a problem with the certificate itself. To resolve this, ensure that the correct path to the single certificate is specified in the Elasticsearch configuration file. Also, verify the certificate’s validity and ensure it’s not expired. If multiple certificates are present, remove the unnecessary ones. If no certificate is found, generate a new one and configure Elasticsearch to use it.

This guide will help you check for common problems that cause the log ” Expected a single certificate; but found {} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Log Context

Log “Expected a single certificate; but found {}” class name is SamlServiceProviderDocument.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :

 return (X509Certificate) certificate;
 } else {
 throw new ElasticsearchException("Certificate ({}) is not a X.509 certificate"; certificate.getClass());
 } else {
 throw new ElasticsearchException("Expected a single certificate; but found {}"; certificates.size());
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 } catch (CertificateException e) {
 throw new ElasticsearchException("Cannot parse certificate(s)"; e);


How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?