Replace Demo certificates

hi bros,
I’m stuck with replacing demo certificates.
I’ve tried to use environment variables in docker-compose, but I didn’t work, it will generate demo anyway.
- opendistro_security.ssl.transport.pemcert_filepath=node.pem
- opendistro_security.ssl.transport.pemkey_filepath=node-key.pem
- opendistro_security.ssl.transport.pemtrustedcas_filepath=root-ca.pem
- opendistro_security.ssl.transport.enforce_hostname_verification=false

I just want to use custom transport certificates, but forced to replaced also admins cert.

Please share your elasticsearch config files, cuz official documentation is really confused.
Thanks in advance.

solve it by changing
opendistro_security.allow_unsafe_democertificates: to true