diff --git a/docs/modules/elasticsearch.md b/docs/modules/elasticsearch.md
index 18c58dc5eb..93c4b0d1e4 100644
--- a/docs/modules/elasticsearch.md
+++ b/docs/modules/elasticsearch.md
@@ -53,6 +53,15 @@ If you need to set a different password to request authorization when performing
 [Custom Password](../../modules/elasticsearch/examples_test.go) inside_block:usingPassword
 <!--/codeinclude-->
 
+#### Skipping cert retrieval
+
+If you do not want to retrieve the Elasticsearch certificate, you can use the `WithoutCertRetrieval` option.
+This can be useful in some edge cases where the certificate to download from the container is not available.
+
+<!--codeinclude-->
+[Skip Certificate Retrieval](../../modules/elasticsearch/examples_test.go) inside_block:withoutCertRetrieval
+<!--/codeinclude-->
+
 ### Configuring the access to the Elasticsearch container
 
 The Elasticsearch container exposes its settings in order to configure the client to connect to it. With those settings it's very easy to setup up our preferred way to connect to the container. We are going to show you two ways to connect to the container, using the HTTP client from the standard library, and using the Elasticsearch client.
diff --git a/modules/elasticsearch/elasticsearch.go b/modules/elasticsearch/elasticsearch.go
index 2ea0a8b8ba..8f9a2e9340 100644
--- a/modules/elasticsearch/elasticsearch.go
+++ b/modules/elasticsearch/elasticsearch.go
@@ -128,7 +128,7 @@ func configureAddress(ctx context.Context, c *ElasticsearchContainer) (string, e
 // For that, it defines a post start hook that copies the certificate from the container to the host.
 // The certificate is only available since version 8, and will be located in a well-known location.
 func configureCertificate(settings *Options, req *testcontainers.GenericContainerRequest) error {
-	if isAtLeastVersion(req.Image, 8) {
+	if isAtLeastVersion(req.Image, 8) && !settings.SkipCertRetrieval {
 		// These configuration keys explicitly disable CA generation.
 		// If any are set we skip the file retrieval.
 		configKeys := []string{
diff --git a/modules/elasticsearch/elasticsearch_test.go b/modules/elasticsearch/elasticsearch_test.go
index 9141558dc8..561e085d50 100644
--- a/modules/elasticsearch/elasticsearch_test.go
+++ b/modules/elasticsearch/elasticsearch_test.go
@@ -134,7 +134,9 @@ func TestElasticsearch(t *testing.T) {
 					// finish validating the response when the request is unauthorised
 					return
 				}
-
+				if esContainer.Settings.CACert == nil {
+					t.Fatal("expected CA cert to be set")
+				}
 			}
 
 			// validate response
@@ -259,6 +261,25 @@ func TestElasticsearchOSSCannotuseWithPassword(t *testing.T) {
 	}
 }
 
+func TestElastictSearchWithoutCertRetrieval(t *testing.T) {
+	ctx := context.Background()
+
+	container, err := elasticsearch.RunContainer(ctx, testcontainers.WithImage(baseImage8), elasticsearch.WithoutCertRetrieval())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Cleanup(func() {
+		if err := container.Terminate(ctx); err != nil {
+			t.Fatalf("failed to terminate container: %s", err)
+		}
+	})
+
+	if container.Settings.CACert != nil {
+		t.Fatal("expected CA cert to be empty")
+	}
+}
+
 // configureHTTPClient configures an HTTP client for the Elasticsearch container.
 // If no certificate bytes are available, the default HTTP client will be returned.
 // If certificate bytes are available, the client will be configured to use TLS with the certificate.
diff --git a/modules/elasticsearch/examples_test.go b/modules/elasticsearch/examples_test.go
index 09ba893e43..67aa4aaa57 100644
--- a/modules/elasticsearch/examples_test.go
+++ b/modules/elasticsearch/examples_test.go
@@ -112,3 +112,30 @@ func ExampleRunContainer_connectUsingElasticsearchClient() {
 	fmt.Println(esResp.Tagline)
 	// Output: You Know, for Search
 }
+
+func ExampleRunContainer_withoutCertRetrieval() {
+	// withoutCertRetrieval {
+	ctx := context.Background()
+	elasticsearchContainer, err := elasticsearch.RunContainer(
+		ctx,
+		testcontainers.WithImage("docker.elastic.co/elasticsearch/elasticsearch:8.9.0"),
+		elasticsearch.WithoutCertRetrieval(),
+	)
+	if err != nil {
+		log.Fatalf("failed to start container: %s", err)
+	}
+	defer func() {
+		err := elasticsearchContainer.Terminate(ctx)
+		if err != nil {
+			log.Fatalf("failed to terminate container: %s", err)
+		}
+	}()
+	// }
+
+	fmt.Println(elasticsearchContainer.Settings.SkipCertRetrieval)
+	fmt.Println(elasticsearchContainer.Settings.CACert)
+
+	// Output:
+	// true
+	// nil
+}
diff --git a/modules/elasticsearch/options.go b/modules/elasticsearch/options.go
index ed801c3b09..cf09095063 100644
--- a/modules/elasticsearch/options.go
+++ b/modules/elasticsearch/options.go
@@ -8,16 +8,18 @@ import (
 // It could be used to build an HTTP client for the Elasticsearch container, as it will
 // hold information on how to connect to the container.
 type Options struct {
-	Address  string
-	CACert   []byte
-	Password string
-	Username string
+	Address           string
+	CACert            []byte
+	Password          string
+	Username          string
+	SkipCertRetrieval bool
 }
 
 func defaultOptions() *Options {
 	return &Options{
-		CACert:   nil,
-		Username: defaultUsername,
+		CACert:            nil,
+		Username:          defaultUsername,
+		SkipCertRetrieval: false,
 	}
 }
 
@@ -39,3 +41,9 @@ func WithPassword(password string) Option {
 		o.Password = password
 	}
 }
+
+func WithoutCertRetrieval() Option {
+	return func(o *Options) {
+		o.SkipCertRetrieval = true
+	}
+}