Spring Cloud Services (SCS) 3.x installation with private certificate authority or self signed certificate

Article ID: 297118


Products

Support Only for Spring

Issue/Introduction

You encounter an error similar to the following when installing the Spring Cloud Services tile while the "Disable SSL certificate verification for this environment" option is enabled under Networking in the Tanzu Application Service (TAS) tile:
Task 2834 | 09:37:09 | Preparing deployment: Preparing deployment (00:00:04)
Task 2834 | 09:37:13 | Preparing deployment: Rendering templates (00:00:03)
Task 2834 | 09:37:16 | Preparing package compilation: Finding packages to compile (00:00:00)
Task 2834 | 09:37:26 | Updating instance spring-cloud-services: spring-cloud-services/e665928d-ae45-4cb9-8e9f-b723523511cf (0) (canary) (00:06:08)
Updating deployment:
Expected task '2834' to succeed but state is 'error'
Exit code 1
L Error: 'spring-cloud-services/e665928d-ae45-4cb9-8e9f-b723523511cf (0)' is not running after update. Review logs for failed jobs: scs-service-broker, mirror-service
Task 2834 | 09:43:34 | Error: 'spring-cloud-services/e665928d-ae45-4cb9-8e9f-b723523511cf (0)' is not running after update. Review logs for failed jobs: scs-service-broker, mirror-service

The logs of the scs-service-broker or mirror-service job show an error similar to the following. The stack trace is the JVM's PKIX validator failing to build a certificate path from the server certificate to any CA in the VM's trust store:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_222]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_222]
    at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_222]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330) ~[na:1.8.0_222]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289) ~[na:1.8.0_222]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[na:1.8.0_222]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[na:1.8.0_222]
    ... 29 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_222]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_222]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_222]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_222]
    ... 35 common frames omitted


Resolution

VMware recommends that customers use the Ops Manager or BOSH certificate management supported by SCS 3.x, so that the CA that issued the foundation's certificates is trusted on every VM.

Note: Enabling "Disable SSL certificate verification for this environment" is not supported with SCS 3.x. The SCS jobs are Java applications that validate the certificate chain against the VM's trust store, so the TAS setting does not prevent the PKIX error above; the CA must be trusted instead.


Ops Manager 

If you used Ops Manager to generate your certificates, make sure "Include Ops Manager Root CA in Trusted Certs" is checked on the Security screen of the BOSH Director tile. This places the Ops Manager root CA in the trust store of every BOSH-deployed VM, so every certificate that Ops Manager generates is trusted without the side effects of disabling SSL certificate validation.

1. Trust certificate authority managed by the Ops Manager.

  a. In the Installation Dashboard of Ops Manager, navigate to the BOSH Director tile’s settings.
  b. Click Security.
  c. In Trusted Certificates, tick "Include Ops Manager Root CA in Trusted Certs"
  d. Click Save.

2. Return to the Ops Manager Installation Dashboard and apply your changes to BOSH, VMware Tanzu Application Service for VMs (TAS), and the Spring Cloud Services tile.


Private Certificate Authority

If your certificates were issued by a private certificate authority (CA), such as a corporate CA, you need a slightly different approach. On the Security screen of the BOSH Director tile, add the CA's certificate (not just its public key; the PEM-encoded CA certificate, including any intermediate CA that issued the server certificates if the servers do not present it themselves) under Trusted Certificates. This installs the CA certificate in the trust store of every VM on the foundation, so applications running on those VMs can build a valid certificate path.

1. Add the private CA’s certificate to the BOSH trusted certificates.

  a. In the Installation Dashboard of Ops Manager, navigate to the BOSH Director tile’s settings.
  b. Click Security.
  c. In Trusted Certificates, paste the CA's PEM-encoded certificate.
  d. Click Save.

2. Ensure that the trust store on each VM picks up the private CA's certificate. Trusted certificates are installed when a VM is created, so existing VMs must be recreated.

  a. Still in the BOSH Director tile’s settings, click Director Config.
  b. Enable the Recreate all VMs checkbox.

3. Return to the Ops Manager Installation Dashboard and apply your changes to the BOSH, the VMware Tanzu Application Service for VMs (TAS), and the Spring Cloud Services tile.