Error "certificate manager tool do not support vCenter HA systems" when replacing certificates with Certificate-manager

Article ID: 308026

Products

VMware vCenter Server

Issue/Introduction

When replacing certificates on the VCSA via the CLI, Certificate-Manager returns the following error:

Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y

Please provide valid SSO and VC privileged user credential to perform certificate operations.

Enter username [[email protected]]:[email protected]
Enter password:***************

Certificate Manager tool do not support vCenter HA systems



Environment

VMware vSphere 7.0.x
VMware vCenter Server 8.0.x

Cause

The vmware folder is missing from the /var/tmp/ directory.

Resolution

  1. Take a snapshot of the VCSA.
  2. Check whether the folder /var/tmp/vmware exists.
  3. If it does not exist, create the /var/tmp/vmware directory.
  4. Restart the services of the VCSA.
  5. Try replacing the certificates using Certificate-Manager: /usr/lib/vmware-vmca/bin/certificate-manager
  6. If the same error remains, check whether the certool.cfg file exists in the /usr/lib/vmware-vmca/share/config directory.
  7. If it does not exist, create it with the information below.

Note: Edit the file below to match the environment details.

#
# Template file for a CSR request
#

# Country is needed and has to be 2 characters
Country = US
Name    = CA
Organization = VMware
OrgUnit = VMware Engineering
State = California
Locality = Palo Alto
IPAddress = 127.0.0.1
Email = [email protected]
Hostname = server.acme.com
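
The checks in steps 2, 3, 6 and 7 can be run as a read-only pre-flight before starting Certificate-Manager. The script below is an added example, not VMware tooling; the function names and the optional root-prefix argument (used to test against a copy of the file tree) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: read-only pre-flight for the paths named in the Resolution steps.
# The root-prefix argument is hypothetical; omit it when running on the appliance.

# Print the value of a "Key = value" line from a certool.cfg-style file.
cfg_get() {   # usage: cfg_get <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 when every prerequisite is met, otherwise the number of problems found.
preflight() {  # usage: preflight [root-prefix]
    local root="${1:-}"
    local problems=0
    local dir="$root/var/tmp/vmware"
    local cfg="$root/usr/lib/vmware-vmca/share/config/certool.cfg"
    local country

    if [ -d "$dir" ]; then
        echo "OK       $dir exists"
    else
        echo "MISSING  $dir (step 3: create it)"
        problems=$((problems + 1))
    fi

    if [ -f "$cfg" ]; then
        echo "OK       $cfg exists"
        # The template states that Country is required and must be 2 characters.
        country=$(cfg_get "$cfg" Country)
        if [ "${#country}" -ne 2 ]; then
            echo "INVALID  Country='$country' (must be 2 characters)"
            problems=$((problems + 1))
        fi
    else
        echo "MISSING  $cfg (step 7: create it from the template)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On the appliance: preflight || echo "fix the items above, then restart services"
```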



Additional Information

Impact/Risks:


If certificates are expired, it is impossible to replace the certificates and bring the vCenter server online.