"HTTP Status 500 - Internal Server Error" when accessing VCSA using client browser vSphere Client

search cancel

book

calendar_today

VMware vCenter Server

vCenter Server Machine SSL Certificate expired.
"HTTP Status 500 - Internal Server Error" when accessing VCSA using client browser vSphere Client.
"No Healthy Upstream" Error may show when accessing the VCSA.
vCenter Frequently getting unreachable.

VMware vCenter Server 7.x

VMware vCenter Server 8.x

vCenter Server requires a valid Machine SSL certificate along with valid Solution User Certificates for vCenter services to start/run.

Snapshot the vCenter as per the best practices in VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice
Connect to the VCSA via SSH as root user.
Validate vCenter certificates using the query below on vCenter per: Verify and resolve expired vCenter Server certificates using command line interface
```
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
```
Identify the expired certificate and use one of the below tools to replace the expired certificates
- vCert: vCert - Scripted vCenter Expired Certificate Replacement
- fixcerts: Replace certificates on vCenter server using the Fixcerts script
- Certificate Manager: Using vSphere Certificate Manager to Replace SSL Certificates

After replacing certificates, restart services using:

service-control --stop --all; service-control --start --all

thumb_up Yes

thumb_down No