This issue usually happens when the system clock was wrong during installation, which causes the host certificate to appear "not valid yet." Here's what you can do:
1. Correct the system time (using NTP is recommended):
-
Open the ESXi Host Client
-
Go to Host > Manage > System > Time & date
-
Click Edit NTP Settings
-
Set the startup policy to "Start and stop with host"
-
Add an NTP server (for example: pool.ntp.org)
-
Save the settings
-
Then go to Host > Manage > System > Services
-
Select the NTP Daemon (ntpd) service and start it
2. Regenerate the SSL certificate:
-
Start the SSH service from the Services menu
-
Connect to the host via SSH as root
-
Check the current time with: date
-
Check the certificate validity start date with: openssl s_client -connect localhost:443 | grep notBefore
-
If the certificate is not yet valid, run: /sbin/generate-certificates
-
Restart the hostd service with: /etc/init.d/hostd restart
Important: If the host is already part of a vCenter environment, don't use this method. In that case, renew the certificate directly in vCenter by right-clicking the host in the inventory, then selecting Certificates > Renew Certificate.
That should resolve your problem.
Best regards,
------------------------------
Pascal Carone
vExpert 2025
------------------------------
Original Message:
Sent: Sep 03, 2025 09:42 AM
From: Georgie Zamora
Subject: How to Fix Invalid Certificate Issue on a New ESXi Host?
Hi everyone,
I've just finished installing a standalone ESXi host and I'm getting this message right after the setup:
The certificate assigned to this host is not valid yet. You should install a valid certificate.
I haven't connected the host to vCenter yet, it's just a fresh install. From what I can tell, it might be related to the system time, but I'm not sure how to properly fix it or regenerate the certificate.
Could someone explain the right steps to correct the time settings and renew the host certificate?
Thanks a lot for your help!
Best regards,
-------------------------------------------