Here's the full output from running the command (showing the errors). I only scrubbed the FQDN:

C:\Program Files\VMware\vCenter Server\python\python.exe" ls_update_certs.py --u

rl https://vcenter.domain.local/lookupservice/sdk --fingerprint a1:35:e1:9c:a4:59:d

d:cb:3d:c1:50:e7:82:78:81:f0:b6:85:7d:b8 --certfile C:\certificates\new_machine.

crt --user Administrator@vsphere.local --password "Passw0rd!"

Get site name

2016-04-07 09:35:44,077 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Refreshing com.vmware.vim.vmom

i.core.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@7

52d2e33: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:44,223 INFO  org.springframework.beans.factory.xml.XmlBeanDefin

itionReader - Loading XML bean definitions from class path resource [com/vmware/

vim/binding/vmodl/context_v2.xml]

2016-04-07 09:35:44,868 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Closing com.vmware.vim.vmomi.c

ore.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@752d

2e33: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:44,877 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Refreshing com.vmware.vim.vmom

i.core.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@e

06234e: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:44,879 INFO  org.springframework.beans.factory.xml.XmlBeanDefin

itionReader - Loading XML bean definitions from class path resource [com/vmware/

vim/binding/vmodl/context_v2.xml]

2016-04-07 09:35:44,931 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Closing com.vmware.vim.vmomi.c

ore.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@e062

34e: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:44,938 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Refreshing com.vmware.vim.vmom

i.core.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@1

9306a99: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:44,941 INFO  org.springframework.beans.factory.xml.XmlBeanDefin

itionReader - Loading XML bean definitions from class path resource [com/vmware/

vim/binding/lookup/context.xml]

2016-04-07 09:35:45,117 INFO  com.vmware.vim.vmomi.core.types.impl.VmodlContextI

mpl$NonValidatingClassPathXmlApplicationContext - Closing com.vmware.vim.vmomi.c

ore.types.impl.VmodlContextImpl$NonValidatingClassPathXmlApplicationContext@1930

6a99: startup date [Thu Apr 07 09:35:44 MDT 2016]; root of context hierarchy

2016-04-07 09:35:46,410 WARN  com.vmware.vim.vmomi.client.http.impl.HttpConfigur

ationCompilerBase$ConnectionMonitorThreadBase - Shutting down the connection mon

itor.

com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.ex

ception.CertificateValidationException: Server certificate chain not verified

        at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(Respons

eImpl.java:251)

        at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.j

ava:54)

        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.execute

Runnable(HttpProtocolBindingBase.java:186)

        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(Ht

tpProtocolBindingImpl.java:115)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$C

allExecutor.sendCall(MethodInvocationHandlerImpl.java:581)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$C

allExecutor.executeCall(MethodInvocationHandlerImpl.java:562)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.c

ompleteCall(MethodInvocationHandlerImpl.java:348)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.i

nvokeOperation(MethodInvocationHandlerImpl.java:308)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.i

nvoke(MethodInvocationHandlerImpl.java:182)

        at com.sun.proxy.$Proxy23.getSiteId(Unknown Source)

        at com.vmware.vim.lookup.client.tool.command.GetSiteIdCommand$1.execute(

GetSiteIdCommand.java:46)

        at com.vmware.vim.lookup.client.tool.command.GetSiteIdCommand$1.execute(

GetSiteIdCommand.java:43)

        at com.vmware.vim.lookup.client.tool.command.Command.callLsEx(Command.ja

va:183)

        at com.vmware.vim.lookup.client.tool.command.Command.callLs(Command.java

:154)

        at com.vmware.vim.lookup.client.tool.command.GetSiteIdCommand.execute(Ge

tSiteIdCommand.java:43)

        at com.vmware.vim.lookup.client.tool.LsTool.app(LsTool.java:67)

        at com.vmware.vim.lookup.client.tool.LsTool.main(LsTool.java:103)

Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: S

erver certificate chain not verified

        at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$Hostname

Verifier.verify(ThumbprintTrustManager.java:308)

        at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.connectSoc

ket(VlsiSslSocketFactory.java:121)

        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFact

ory.java:401)

        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnect

ion(DefaultClientConnectionOperator.java:177)

        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.ja

va:144)

        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPool

edConnAdapter.java:131)

        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(Default

RequestDirector.java:611)

        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultReq

uestDirector.java:446)

        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttp

Client.java:863)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp

Client.java:82)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp

Client.java:57)

        at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.j

ava:48)

        ... 15 more

Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.ja

va:421)

        at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$Hostname

Verifier.verify(ThumbprintTrustManager.java:296)

        ... 26 more

Traceback (most recent call last):

  File "ls_update_certs.py", line 19, in <module>

    args.password)

  File "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\s

cripts\lstoolutil.py", line 79, in modify_svc_ep_certs

    raise Exception("'lstool get-site-id' failed: %d" % rc)

Exception: 'lstool get-site-id' failed: 1

C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts>

Had a similar error. Turned out my password had a problematic first letter which didn't pass to pyton correctly.

Had to edit the script file:

D:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstoolutil.py

Lines 107 and 108:

From

   update55_ct = _modify_svc_eps(lsUrl, True, ids55, _update_svc_spec, username, password)

   update60_ct = _modify_svc_eps(lsUrl, False, ids60, _update_svc_spec, username, password)

To

   update55_ct = _modify_svc_eps(lsUrl, True, ids55, _update_svc_spec, username, 'MyStupidPassword')

   update60_ct = _modify_svc_eps(lsUrl, False, ids60, _update_svc_spec, username, 'MyStupidPassword')

Shouldn't hit too many out there, but nice to know.