ES monitors SSL configuration files and hot-reloads them on change. However, instead of monitoring individual files, ES monitors their parent directories. This could be wasteful because it ends up monitoring unnecessary files and directory traversal is in theory unbounded. In addition, hot-reload works only for files specified in the YAML configuration, i.e. you need to change an existing file for reload to happen, simply adding a new file does not work.

We should fix it by monitoring individual files. As an example, the SSL reloading for reindexing is already monitoring individual files.