VMware Cloud Community
hamidsattarrana
Enthusiast
Enthusiast

vCenter Certificate Status Error

Hello!

vCenter has been showing a server certificate status error for a few days, I could not figure out how to fix it. 

Thanks in advance.

vCenter Version: 7.0.3 

Build: 18778458

hamidsattarrana_0-1698313718520.png

 

Reply
0 Kudos
10 Replies
hamidsattarrana
Enthusiast
Enthusiast

Any one please help me to fix this issue? I am not an expert. 

Thanks in Advance.

Reply
0 Kudos
nordhuus
Enthusiast
Enthusiast

Use certificate-manager to generate new ones.

https://kb.vmware.com/s/article/2112283

_____________________________________________
If this post helps you, please leave Kudo or mark this reply as an answer
Reply
0 Kudos
hamidsattarrana
Enthusiast
Enthusiast

Hello!

I just want to renew the machine SSL certificate. I am attaching the certificate screenshot please check.

2nd I want to know is there any downtime in this procedure. We have servers in production?

Also when I tried to renew it from vsphere client I got the error.

Thanks in advance.

 

hamidsattarrana_0-1699876877338.png

 

Reply
0 Kudos
battybishop
Hot Shot
Hot Shot

I've had issues using the GUI before so use the command line option as per https://kb.vmware.com/s/article/2112283

 

Reply
0 Kudos
hamidsattarrana
Enthusiast
Enthusiast

Is there any downtime?

Reply
0 Kudos
battybishop
Hot Shot
Hot Shot

There is a small "blip" as the new certificate is applied but all VM's will stay up and running

Reply
0 Kudos
hamidsattarrana
Enthusiast
Enthusiast

Hello!

I choose the option 3 to renew machine ssl certificate. And this happened. I can't open gui anymore.
 
This is the logs from. It's vCenter 7.0.3
2023-11-14T14:00:19.244Z INFO certificate-manager ['__MACHINE_CERT']
2023-11-14T14:00:19.327Z INFO certificate-manager lstool command currently being executed is- : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmware-lookupsvc/lib/lookup-client.jar:/usr/lib/vmware-lookupsvc/lib/*:/usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'get-site-id', '--url', 'https://10.10.8.10:443/lookupservice/sdk', '--no-check-cert']
2023-11-14T14:00:21.221Z ERROR certificate-manager 'lstool get-site-id' failed: 1
2023-11-14T14:00:21.222Z INFO certificate-manager Error while reverting certificate for store : MACHINE_SSL_CERT
2023-11-14T14:00:21.222Z ERROR certificate-manager Error while performing rollback operation, please try Reset operation...
2023-11-14T14:00:21.223Z ERROR certificate-manager please see /var/log/vmware/vmcad/certificate-manager.log for more information.
 
 
Reply
0 Kudos
hamidsattarrana
Enthusiast
Enthusiast

I installed lsdoctor and now getting these errors when I try to run it.

 

root@localhost [ ~/download/lsdoctor-230919 ]# python lsdoctor.py --help
2023-11-14T21:25:18 ERROR _getSslCert: Got connection refused when getting cert on 443! Is rhttpproxy running?
root@localhost [ ~/download/lsdoctor-230919 ]#
root@localhost [ ~/download/lsdoctor-230919 ]# python lsdoctor.py --trustfix
2023-11-14T21:27:34 ERROR _getSslCert: Got connection refused when getting cert on 443! Is rhttpproxy running?

Reply
0 Kudos
navina
Enthusiast
Enthusiast

Revert back to snapshot and use the fixcerts script.

https://kb.vmware.com/s/article/90561?lang=en_US

Regards,
Navin A
Reply
0 Kudos