Recently we had an issue renewing the Machine SSL certificate on our production vCenter Servers: I was not able to do it from the vCenter UI, as it showed an error message:

The screenshot above shows the error message displayed when trying to renew the Machine SSL certificate from the vCenter UI.
We checked the output of the vdt Python script, available from KB article 90561, which reports the complete health of the vCenter Server.


Looking at the FAIL checks against the machine certificates on the vCenter, we decided to use the fixcerts.py script from KB article 90561. This KB article provides a Python script that can either fix the expired certificates or replace all of them. We decided to replace all the certificates: our vCenters, which are part of VCF 5.2, were upgraded from previous VCF versions, and their certificates had been issued a few years ago by external PSCs in vSphere 6.7. Those PSCs no longer exist, because the PSC is now embedded in the vCenter itself.
We therefore used fixcerts.py to regenerate all the certificates on both the management and workload domain vCenters.
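Before replacing everything, it helps to confirm for yourself why the checks fail: which VECS entries are expired, and which were issued by a VMCA that lived on a node that no longer exists. The script below is an added example written for this post, not vdt.py, fixcerts.py or any VMware code. It parses a constructed sample in the shape of `vecs-cli entry list --store <store> --text` output (hostnames, dates and aliases are invented) and flags entries that are expired, close to expiry, or whose VMCA issuer names a different host than the local vCenter. It relies on one fact: a VMCA-issued certificate carries the hostname of the node that issued it in the issuer's `O=` field, so a certificate from a decommissioned external PSC shows that PSC's name there.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `vecs-cli entry list --store <store> --text`
# output. Hostnames, dates and serial-less cert bodies are invented for this example.
SAMPLE_VECS_TEXT = """\
Alias :	__MACHINE_CERT
Entry type :	Private Key
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=psc01.example.local, OU=VMware Engineering
        Validity
            Not Before: Mar  3 10:00:00 2019 GMT
            Not After : Mar  2 10:00:00 2021 GMT
        Subject: CN=vcenter01.example.local, C=US
Alias :	vpxd
Entry type :	Private Key
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=vcenter01.example.local, OU=VMware Engineering
        Validity
            Not Before: Jun  1 08:00:00 2024 GMT
            Not After : May 31 08:00:00 2026 GMT
        Subject: CN=vpxd, C=US
"""

ALIAS_RE = re.compile(r"^Alias :\s*(\S+)", re.M)
ISSUER_RE = re.compile(r"^\s*Issuer:\s*(.+)$", re.M)
NOT_AFTER_RE = re.compile(r"^\s*Not After\s*:\s*(.+)$", re.M)
ISSUER_ORG_RE = re.compile(r"(?:^|,\s*)O=([^,]+)")  # does not match OU=


def parse_entries(text):
    """Split vecs-cli --text output into (alias, issuer, not_after) tuples.

    Entries without a certificate body (or without the fields we need) are skipped.
    """
    entries = []
    for block in re.split(r"(?m)^(?=Alias :)", text):
        alias = ALIAS_RE.search(block)
        issuer = ISSUER_RE.search(block)
        not_after = NOT_AFTER_RE.search(block)
        if not (alias and issuer and not_after):
            continue
        # openssl prints e.g. "Mar  2 10:00:00 2021 GMT"; drop the zone and parse as UTC
        raw = not_after.group(1).strip().replace(" GMT", "")
        expiry = datetime.strptime(raw, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        entries.append((alias.group(1), issuer.group(1).strip(), expiry))
    return entries


def audit(entries, local_host, now, warn_days=30):
    """Return {alias: [findings]} for entries that a health check should flag.

    local_host is the FQDN of the (embedded) vCenter whose VMCA should have
    issued the certs. A VMCA issuer (DC=vsphere) whose O= names another host
    means the cert came from a different node, e.g. a retired external PSC.
    """
    findings = {}
    for alias, issuer, expiry in entries:
        problems = []
        org = ISSUER_ORG_RE.search(issuer)
        if "DC=vsphere" in issuer and org:
            issuing_host = org.group(1).strip()
            if issuing_host.lower() != local_host.lower():
                problems.append(f"issued by VMCA on {issuing_host}, not {local_host}")
        if expiry <= now:
            problems.append(f"expired {expiry:%Y-%m-%d}")
        elif expiry - now <= timedelta(days=warn_days):
            problems.append(f"expires within {warn_days} days ({expiry:%Y-%m-%d})")
        if problems:
            findings[alias] = problems
    return findings


if __name__ == "__main__":
    # On a real appliance you would feed in the output of
    # /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
    result = audit(parse_entries(SAMPLE_VECS_TEXT), "vcenter01.example.local",
                   datetime.now(timezone.utc))
    for alias, problems in result.items():
        for p in problems:
            print(f"FAIL {alias}: {p}")
```

In the sample, `__MACHINE_CERT` is flagged twice (issued by the old PSC and expired) while `vpxd`, issued by the local VMCA and valid for more than 30 days, is clean. That is the same picture the vdt FAIL checks gave us, and it is the situation in which regenerating all certificates is the right call rather than renewing only the expired one.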
After regenerating and renewing the machine certificates on the vCenters, we ran into another issue: SDDC Manager could no longer recognize the vCenters because of the certificate changes. We will cover that issue and its resolution in an upcoming post.