diff --git a/src/roles/elasticsearch/templates/elasticsearch.yml.j2 b/src/roles/elasticsearch/templates/elasticsearch.yml.j2
index a001f0dd..e5979bc0 100644
--- a/src/roles/elasticsearch/templates/elasticsearch.yml.j2
+++ b/src/roles/elasticsearch/templates/elasticsearch.yml.j2
@@ -41,14 +41,14 @@ path.logs: {{ m_meza_data }}/elasticsearch/log
 # Fixes xpack SSL java access denied at ES startup.
 #
 # Probably not the best way to do this. Suggestions welcome
-{% if elasticsearch_major_version.startswith('6.') %}
+{% if elasticsearch_major_version == "6.x" %}
 xpack.ssl.truststore.path: /etc/elasticsearch/cacerts-java-extracted
 xpack.ssl.truststore.password: changeit
-{% elif elasticsearch_major_version.startswith('7.') %}
+{% elif elasticsearch_major_version == "7.x" %}
 xpack.http.ssl.truststore.path: /etc/elasticsearch/cacerts-java-extracted
 xpack.http.ssl.truststore.password: changeit
 {% else %}
-# You can add additional handling here if needed for other versions
+# You can add additional handling here
 {% endif %}
 reindex.ssl.truststore.path: /etc/elasticsearch/cacerts-java-extracted
 reindex.ssl.truststore.password: changeit