vSphere Client version 7.0.2.00500
ESXi client version: 1.34.8
ESXi client build number: 17417756
ESXi version: 7.0.2
ESXi build number: 17867351
In the vSphere Client UI I connected a single ESXi host to a datacenter.
I assigned a license and set lockdown mode to "disabled".
It worked as expected, e.g. VM consoles were only available in vSphere and not directly on the ESXi host.
When I disconnected (Datacenter -> myhost -> right click -> Connection -> Disconnect) I could no longer use the host's web GUI directly: "Unknown error on logout".
Root user was not locked:
[root@myhost:~] pam_tally2 --user root
Login           Failures Latest failure     From
root                0
I went back to the web GUI to see "Please refresh your browser" and, after refreshing, "Your connection is not private".
It turned out that both our custom SSL certificate files (wildcard SAN multidomain), rui.key and rui.crt, were automatically reverted to the factory defaults.
Is this normal behaviour?
They were supposed to be saved beforehand and the file was there:
[root@myhost:~] cat /etc/vmware/ssl/rui.log
#
# Host private key and certificate backup from 2021-11-12 13:53:15.923
#
-----BEGIN PRIVATE KEY-----
(...)
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(...)
-----END CERTIFICATE-----
Unfortunately both the key and the certificate were exactly the same as the factory default, so this clearly went wrong.
I can put our cert files back and restart management agents from DCUI (no downtime) but it's still quite annoying.
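
A check for the situation described above, as an added example that is not part of the original post: it compares the live rui.crt and the certificate saved in rui.log against a pinned SHA-256 fingerprint of the custom certificate. The function names and the sample PEM contents are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block; rui.log holds a PRIVATE KEY block followed by a CERTIFICATE block.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return {label: [decoded DER bytes, ...]} for every PEM block in text."""
    blocks = {}
    for label, body in PEM_RE.findall(text):
        blocks.setdefault(label, []).append(base64.b64decode("".join(body.split())))
    return blocks

def cert_fingerprint(text):
    """SHA-256 over the DER of the first certificate (the digest that
    `openssl x509 -fingerprint -sha256` prints, without colons), or None."""
    certs = pem_blocks(text).get("CERTIFICATE", [])
    return hashlib.sha256(certs[0]).hexdigest() if certs else None

def check_host_cert(live_crt, backup_log, pinned_fp):
    """Report whether the live cert and the rui.log backup are the pinned custom cert."""
    live_fp, backup_fp = cert_fingerprint(live_crt), cert_fingerprint(backup_log)
    return {
        "live_is_custom": live_fp == pinned_fp,
        "backup_is_custom": backup_fp == pinned_fp,
        "backup_equals_live": live_fp is not None and live_fp == backup_fp,
    }

def make_pem(label, der):
    # Helper used only to build the constructed sample data below.
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder bytes, not real certificates or keys.
CUSTOM_DER = b"constructed-custom-wildcard-cert"
DEFAULT_DER = b"constructed-factory-default-cert"
PINNED_FP = hashlib.sha256(CUSTOM_DER).hexdigest()

# Constructed inputs reproducing the post: live cert and backup are both the default.
SAMPLE_LIVE_CRT = make_pem("CERTIFICATE", DEFAULT_DER)
SAMPLE_RUI_LOG = (
    "#\n# Host private key and certificate backup from 2021-11-12 13:53:15.923\n#\n"
    + make_pem("PRIVATE KEY", b"constructed-default-key")
    + make_pem("CERTIFICATE", DEFAULT_DER)
)

if __name__ == "__main__":
    print(check_host_cert(SAMPLE_LIVE_CRT, SAMPLE_RUI_LOG, PINNED_FP))
```

On a real host the inputs would be the contents of /etc/vmware/ssl/rui.crt and /etc/vmware/ssl/rui.log, with the pinned fingerprint recorded when the custom certificate was installed.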