ESXi

 View Only
  • 1.  Reload new ssl certificate without reboot

    Posted Jan 23, 2018 02:41 PM

    I use let's encrypt ssl certificates on ESXi 6.5 (ESXi-6.5.0-20170702001-standard) and it has been working well. Every few weeks when the certificates expire I just copied the new certificates to /etc/vmware/ssl/rui.{crt,key} and ran

    /sbin/services.sh restart

    That reloaded the certificates and everything was OK.

    Not I have updated to ESXi-6.5.0-20171204001-standard (Build 7388607) and I cannot get ESXi to reload the certificates. Any ideas what is going wrong? How can I reload the certificates without rebooting the whole machine?

    [root@vmwsrv1:~] services.sh restart &tail -f /var/log/jumpstart-stdout.log

    2018-01-22T10:43:30.955Z| executing start plugin: lacp

    2018-01-22T10:43:31.158Z| executing start plugin: memscrubd

    2018-01-22T10:43:31.359Z| executing start plugin: smartd

    2018-01-22T10:43:31.562Z| executing start plugin: vpxa

    2018-01-22T10:43:31.765Z| executing start plugin: sfcbd-watchdog

    2018-01-22T10:43:32.976Z| executing start plugin: wsman

    2018-01-22T10:43:33.583Z| executing start plugin: snmpd

    2018-01-22T10:43:33.986Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1

    2018-01-22T10:43:33.986Z| executing start plugin: xorg

    2018-01-22T10:43:34.391Z| executing start plugin: vmtoolsd

    2018-01-23T14:39:01.265Z| executing stop for daemon xorg.

    2018-01-23T14:39:01.468Z| Jumpstart failed to stop: xorg reason: Execution of command: /etc/init.d/xorg stop failed with status: 3

    2018-01-23T14:39:01.468Z| executing stop for daemon vmsyslogd.

    2018-01-23T14:39:01.671Z| Jumpstart failed to stop: vmsyslogd reason: Execution of command: /etc/init.d/vmsyslogd stop failed with status: 1

    2018-01-23T14:39:01.671Z| executing stop for daemon vmtoolsd.

    2018-01-23T14:39:01.872Z| Jumpstart failed to stop: vmtoolsd reason: Execution of command: /etc/init.d/vmtoolsd stop failed with status: 1

    2018-01-23T14:39:01.872Z| executing stop for daemon wsman.

    2018-01-23T14:39:02.478Z| executing stop for daemon snmpd.

    2018-01-23T14:39:02.884Z| executing stop for daemon sfcbd-watchdog.

    2018-01-23T14:39:06.517Z| executing stop for daemon vpxa.

    2018-01-23T14:39:06.718Z| executing stop for daemon vobd.

    2018-01-23T14:39:06.921Z| executing stop for daemon dcbd.

    2018-01-23T14:39:07.124Z| executing stop for daemon cdp.

    2018-01-23T14:39:07.325Z| executing stop for daemon nscd.

    2018-01-23T14:39:07.528Z| executing stop for daemon lacp.

    2018-01-23T14:39:07.731Z| executing stop for daemon memscrubd.

    2018-01-23T14:39:07.934Z| Jumpstart failed to stop: memscrubd reason: Execution of command: /etc/init.d/memscrubd stop failed with status: 3

    2018-01-23T14:39:07.934Z| executing stop for daemon smartd.

    2018-01-23T14:39:08.136Z| executing stop for daemon slpd.

    2018-01-23T14:39:08.337Z| executing stop for daemon sdrsInjector.

    2018-01-23T14:39:08.540Z| executing stop for daemon storageRM.

    2018-01-23T14:39:08.743Z| executing stop for daemon vvold.

    2018-01-23T14:39:08.945Z| Jumpstart failed to stop: vvold reason: Execution of command: /etc/init.d/vvold stop failed with status: 3

    2018-01-23T14:39:08.945Z| executing stop for daemon hostdCgiServer.

    2018-01-23T14:39:09.149Z| executing stop for daemon sensord.

    2018-01-23T14:39:09.352Z| executing stop for daemon lbtd.

    2018-01-23T14:39:09.554Z| executing stop for daemon hostd.

    2018-01-23T14:39:09.755Z| executing stop for daemon rhttpproxy.

    2018-01-23T14:39:09.958Z| executing stop for daemon nfcd.

    2018-01-23T14:39:10.161Z| executing stop for daemon vmfstraced.

    2018-01-23T14:39:10.564Z| executing stop for daemon rabbitmqproxy.                                                                                                         

    2018-01-23T14:39:10.767Z| executing stop for daemon esxui.

    2018-01-23T14:39:10.970Z| executing stop for daemon usbarbitrator.

    2018-01-23T14:39:11.173Z| executing stop for daemon iofilterd-spm.                                                                                                         

    2018-01-23T14:39:11.376Z| executing stop for daemon swapobjd.                                                                                                              

    2018-01-23T14:39:11.781Z| executing stop for daemon iofilterd-vmwarevmcrypt.                                                                                               

    2018-01-23T14:39:11.985Z| executing stop for daemon SSH.                                                                                                                   

    2018-01-23T14:39:12.188Z| executing stop for daemon DCUI.                                                                                                                  

    Errors:                                                                                                                                                                    

    Invalid operation requested: This ruleset is required and connot be disabled                                                                                               

    2018-01-23T14:39:12.391Z| executing stop for daemon ntpd.                                                                                                                  

    2018-01-23T14:39:14.549Z| executing start plugin: SSH                                                                                                                      

    2018-01-23T14:39:14.752Z| executing start plugin: DCUI                                                                                                                     

    2018-01-23T14:39:14.955Z| executing start plugin: ntpd                                                                                                                     

    2018-01-23T14:39:15.358Z| executing start plugin: esxui                                                                                                                    

    2018-01-23T14:39:15.965Z| executing start plugin: usbarbitrator                                                                                                            

    2018-01-23T14:39:16.774Z| executing start plugin: iofilterd-spm                                                                                                            

    2018-01-23T14:39:17.177Z| executing start plugin: swapobjd                                                                                                                 

    2018-01-23T14:39:17.580Z| executing start plugin: iofilterd-vmwarevmcrypt                                                                                                  

    2018-01-23T14:39:17.985Z| executing start plugin: sdrsInjector

    2018-01-23T14:39:18.188Z| executing start plugin: storageRM

    2018-01-23T14:39:18.392Z| executing start plugin: vvold

    2018-01-23T14:39:20.204Z| executing start plugin: hostdCgiServer

    2018-01-23T14:39:20.407Z| executing start plugin: sensord

    2018-01-23T14:39:20.813Z| executing start plugin: lbtd

    2018-01-23T14:39:21.017Z| executing start plugin: hostd

    2018-01-23T14:39:21.824Z| executing start plugin: rhttpproxy

    2018-01-23T14:39:22.228Z| executing start plugin: nfcd

    2018-01-23T14:39:22.429Z| executing start plugin: vmfstraced

    2018-01-23T14:39:22.632Z| executing start plugin: rabbitmqproxy

    2018-01-23T14:39:23.438Z| executing start plugin: slpd

    2018-01-23T14:39:23.639Z| executing start plugin: dcbd

    2018-01-23T14:39:23.842Z| executing start plugin: cdp

    2018-01-23T14:39:24.045Z| executing start plugin: nscd

    2018-01-23T14:39:24.246Z| executing start plugin: lacp

    2018-01-23T14:39:24.448Z| executing start plugin: memscrubd

    2018-01-23T14:39:24.651Z| executing start plugin: smartd

    2018-01-23T14:39:24.854Z| executing start plugin: vpxa

    2018-01-23T14:39:25.058Z| executing start plugin: sfcbd-watchdog

    2018-01-23T14:39:26.267Z| executing start plugin: wsman

    2018-01-23T14:39:26.872Z| executing start plugin: snmpd

    2018-01-23T14:39:27.276Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1

    2018-01-23T14:39:27.276Z| executing start plugin: xorg

    2018-01-23T14:39:27.680Z| executing start plugin: vmtoolsd



  • 2.  RE: Reload new ssl certificate without reboot
    Best Answer

    Posted Jan 23, 2018 03:11 PM

    You need to put the new certificates on the ESXi 6.5 and restart management agents -> not required to start services.sh

    Once the management agents are restarted, pls connect to the ESXi host via browser and identify which certificate it is pulling now..

    Thanks,

    MS



  • 3.  RE: Reload new ssl certificate without reboot

    Posted Jan 23, 2018 03:47 PM

    I once again checked all possibilities of reloading the certificates - still not working.

    Rebooted the server - certificate is still old.

    Found the error on my side: the script that copied the certificate to ESXi followed the wrong symlink and uploaded an old certificate.

    Sorry for the noise, that was completely my fault.

    Thanks for your help!