VMware vSphere

 View Only
Back to discussions
Expand all | Collapse all

vCenter Certificate Status Error

  • 1.  vCenter Certificate Status Error

    Posted Oct 26, 2023 09:48 AM

    Hello!

    vCenter has been showing a server certificate status error for a few days, I could not figure out how to fix it. 

    Thanks in advance.

    vCenter Version: 7.0.3 

    Build: 18778458

    hamidsattarrana_0-1698313718520.png

     



  • 2.  RE: vCenter Certificate Status Error

    Posted Oct 27, 2023 09:20 PM

    Any one please help me to fix this issue? I am not an expert. 

    Thanks in Advance.



  • 3.  RE: vCenter Certificate Status Error



  • 4.  RE: vCenter Certificate Status Error

    Posted Oct 28, 2023 09:33 PM

    Use certificate-manager to generate new ones.

    https://kb.vmware.com/s/article/2112283



  • 5.  RE: vCenter Certificate Status Error

    Posted Nov 13, 2023 12:01 PM

    Hello!

    I just want to renew the machine SSL certificate. I am attaching the certificate screenshot please check.

    2nd I want to know is there any downtime in this procedure. We have servers in production?

    Also when I tried to renew it from vsphere client I got the error.

    Thanks in advance.

     

    hamidsattarrana_0-1699876877338.png

     



  • 6.  RE: vCenter Certificate Status Error

    Posted Nov 13, 2023 04:26 PM

    I've had issues using the GUI before so use the command line option as per https://kb.vmware.com/s/article/2112283

     



  • 7.  RE: vCenter Certificate Status Error

    Posted Nov 13, 2023 08:39 PM

    Is there any downtime?



  • 8.  RE: vCenter Certificate Status Error

    Posted Nov 13, 2023 09:14 PM

    There is a small "blip" as the new certificate is applied but all VM's will stay up and running



  • 9.  RE: vCenter Certificate Status Error

    Posted Nov 14, 2023 02:25 PM

    Hello!

    I choose the option 3 to renew machine ssl certificate. And this happened. I can't open gui anymore.
     
    This is the logs from. It's vCenter 7.0.3
    2023-11-14T14:00:19.244Z INFO certificate-manager ['__MACHINE_CERT']
    2023-11-14T14:00:19.327Z INFO certificate-manager lstool command currently being executed is- : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmware-lookupsvc/lib/lookup-client.jar:/usr/lib/vmware-lookupsvc/lib/*:/usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'get-site-id', '--url', 'https://10.10.8.10:443/lookupservice/sdk', '--no-check-cert']
    2023-11-14T14:00:21.221Z ERROR certificate-manager 'lstool get-site-id' failed: 1
    2023-11-14T14:00:21.222Z INFO certificate-manager Error while reverting certificate for store : MACHINE_SSL_CERT
    2023-11-14T14:00:21.222Z ERROR certificate-manager Error while performing rollback operation, please try Reset operation...
    2023-11-14T14:00:21.223Z ERROR certificate-manager please see /var/log/vmware/vmcad/certificate-manager.log for more information.
     
     


  • 10.  RE: vCenter Certificate Status Error

    Posted Nov 14, 2023 09:29 PM

    I installed lsdoctor and now getting these errors when I try to run it.

     

    root@localhost [ ~/download/lsdoctor-230919 ]# python lsdoctor.py --help
    2023-11-14T21:25:18 ERROR _getSslCert: Got connection refused when getting cert on 443! Is rhttpproxy running?
    root@localhost [ ~/download/lsdoctor-230919 ]#
    root@localhost [ ~/download/lsdoctor-230919 ]# python lsdoctor.py --trustfix
    2023-11-14T21:27:34 ERROR _getSslCert: Got connection refused when getting cert on 443! Is rhttpproxy running?



  • 11.  RE: vCenter Certificate Status Error

    Broadcom Employee
    Posted Nov 19, 2023 12:40 PM

    Revert back to snapshot and use the fixcerts script.

    https://kb.vmware.com/s/article/90561?lang=en_US