I am having issues getting past the "Generate and Install VMCA Certificate on SDDC Manager" step. I've tried adding the sddc manager and vCenter IPs to /etc/hosts as well as commenting out the loopback Ips in /etc/hosts. I've tried deploying to standalone host and to vCenter, to vDS and vSS, trying with standard subnets and custom subnets...nothing works. Nslookup on sddc manager is working properly with name and IP. I can see in the log that name resolution is working properly. Pasting some output from vcf-commonsvcs.log. Any suggestions?
2025-12-09T00:29:27.561+0000 INFO [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.a.u.u.ApplianceManagerUtils,http-nio-127.0.0.1-7100-exec-8] Writing into file /opt/vmware/vcf/commonsvcs/etc/signed_jwt_token.jwt ...
2025-12-09T00:29:27.577+0000 INFO [common,69376d11571e983b75b6e6e17e30685e,2bcb] [c.v.e.s.a.u.NginxCertUtilityImpl,http-nio-127.0.0.1-7100-exec-7] Replace nginx certificate
2025-12-09T00:29:27.577+0000 INFO [common,69376d11571e983b75b6e6e17e30685e,2bcb] [c.v.e.s.a.u.u.ApplianceManagerUtils,http-nio-127.0.0.1-7100-exec-7] Writing into file /var/opt/vmware/vcf/commonsvcs/workdir/vcf_https.crt ...
2025-12-09T00:29:27.583+0000 INFO [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.a.u.NginxCertUtilityImpl,http-nio-127.0.0.1-7100-exec-8] Replace nginx certificate
2025-12-09T00:29:27.583+0000 INFO [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.a.u.u.ApplianceManagerUtils,http-nio-127.0.0.1-7100-exec-8] Writing into file /var/opt/vmware/vcf/commonsvcs/workdir/vcf_https.crt ...
2025-12-09T00:29:27.620+0000 INFO [common,69376d11571e983b75b6e6e17e30685e,2bcb] [c.v.e.s.a.u.NginxCertUtilityImpl,http-nio-127.0.0.1-7100-exec-7] Reloading NGINX server ...
2025-12-09T00:29:27.621+0000 ERROR [common,69376d67539485e520b5de2b98d9d141,b706] [c.v.e.s.a.u.u.ApplianceManagerUtils,pool-4-thread-352] /usr/bin/cp: cannot stat '/var/opt/vmware/vcf/commonsvcs/workdir/vcf_https.key': No such file or directory
2025-12-09T00:29:27.622+0000 ERROR [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.c.util.LocalProcessService,http-nio-127.0.0.1-7100-exec-8] Local Command Failed with exit value 1.
Output Logs :
Error Logs are stored at LocalProcess ERROR: 2025-12-09 00:29:27 - /usr/bin/cp: cannot stat '/var/opt/vmware/vcf/commonsvcs/workdir/vcf_https.key': No such file or directory
2025-12-09T00:29:27.623+0000 ERROR [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.a.u.NginxCertUtilityImpl,http-nio-127.0.0.1-7100-exec-8] Error writing certificate string to certificate file
java.nio.file.NoSuchFileException: /var/opt/vmware/vcf/commonsvcs/workdir/vcf_https.crt
2025-12-09T00:29:27.657+0000 ERROR [common,69376d1c579cae42fdcaf5a8750d08b6,686c] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7100-exec-8] [PGI49E] CERT_REPLACEMENT_FAILED Cannot replace existing certificate with the input cert. Validations did not pass.
Make sure the input cert chain is valid. The structure must be:
server cert followed by intermediate certs followed by CA cert
OR
A self signed server cert
All certs in the chain must conform to X.509 standards.
Also make sure that the DNS name in both the CN field and the optional Subject Alternative Name extension, is a resolvable hostname
com.vmware.evo.sddc.appliance.utilities.error.ApplianceManagerException: Cannot replace existing certificate with the input cert. Validations did not pass.
Make sure the input cert chain is valid. The structure must be:
server cert followed by intermediate certs followed by CA cert
OR
A self signed server cert
All certs in the chain must conform to X.509 standards.
Also make sure that the DNS name in both the CN field and the optional Subject Alternative Name extension, is a resolvable hostname
