Hello,
My VCSA portal stopped working because of certification expiry, and when I tried to use the fixsts.sh script, it didn't work properly. I need guidance before proceeding here.
When I open the vpxd.log, this is what I find:
2024-03-05T17:55:21.757-02:00 error vpxd[23534] [Originator@6876 sub=IO.Http] User agent failed to send request; (null), N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
--> PeerThumbprint:
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
-->
--> * Host name does not match the subject name(s) in certificate.)
--> [context]zKq7AVECAQAAAG0mVQEOdnB
You seem to have the same error as outlined in the post below, and there's a resolution to it. Please refer to the same.
https://communities.vmware.com/t5/vCenter-Server-Discussions/The-host-name-used-for-the-connection-d...
The error message 'Host name does not match the subject name(s) in certificate' in the context of a VCSA portal certificate expiration issue is caused by a mismatch of the machine PNID listed in the Subject Alternative Name (SAN) field of the existing MACHINE_SSL_CERTIFICATE and the replacement certificate. The PNID is equal to the System Name parameter input during deployment of vCenter. The System Name can either be a Fully Qualified Domain Name (FQDN) or an IP address. This mismatch can occur due to any difference in case or value between the SAN entries, including extra fields.
To renew your expired VCSA certificate, first take a snapshot of the VCSA VM. Then, check the STS cert validity using the checksts.py script and renew it with fixsts.sh if needed. Restart all services, and run the Lookup Service Doctor to fix any SSL trust mismatches that may have broken trust relationships.
Finally, use the Certificate Manager to regenerate the VMCA Root and replace all certificates. Verify services are running and you can access vCenter.
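Added example, not part of the original thread and not VMware's own tooling: a small shell check for the PNID/SAN comparison the reply above describes, reporting a case-only difference separately from a missing entry. The function names and the sample certificate text are constructed for illustration; the two commands in the comments are the usual way to obtain the real inputs on the appliance.

```shell
#!/bin/sh
# On a VCSA the two inputs would normally come from:
#   /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT \
#       --alias __MACHINE_CERT | openssl x509 -noout -text

# san_entries: read `openssl x509 -text` output on stdin and print each
# DNS / IP Address SAN value on its own line.
san_entries() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' \
        | tr ',' '\n' \
        | sed -e 's/^ *//' -e 's/ *$//' \
        | sed -n -e 's/^DNS://p' -e 's/^IP Address://p'
}

# check_pnid PNID CERT_TEXT
# Prints MATCH when the PNID equals a SAN entry exactly, CASE_MISMATCH when
# it differs only in letter case, NO_MATCH when it is absent.
check_pnid() {
    cp_pnid="$1"
    cp_sans="$(printf '%s\n' "$2" | san_entries)"
    if printf '%s\n' "$cp_sans" | grep -Fxq -- "$cp_pnid"; then
        echo MATCH
    elif printf '%s\n' "$cp_sans" | grep -Fxqi -- "$cp_pnid"; then
        echo CASE_MISMATCH
    else
        echo NO_MATCH
    fi
}

# Constructed sample of `openssl x509 -noout -text` output (not a real cert).
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:VCSA01.lab.example, IP Address:192.0.2.10
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'

# A PNID stored in lower case against an upper-case SAN entry.
check_pnid "vcsa01.lab.example" "$SAMPLE_CERT_TEXT"   # prints CASE_MISMATCH
```

Running the same check against both the current machine SSL certificate and the intended replacement shows whether the two agree with the PNID before any certificate is swapped.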