"HTTP Status 500 - Internal Server Error" when accessing VCSA using client browser vSphere Client
Article ID: 324301
Updated On: 04-16-2025
Products
VMware vCenter Server
Issue/Introduction
- vCenter Server Machine SSL Certificate expired
- "HTTP Status 500 - Internal Server Error" when accessing VCSA using client browser vSphere Client
- "No Healthy Upstream" Error may show when accessing the VCSA
- vCenter Frequently getting unreachable
Environment
VMware vCenter Server 8.x
VMware vCenter Server 7.x
Cause
vCenter Server requires a valid Machine SSL certificate for vCenter services to start/run.
Resolution
1. Snapshot the vCenter as per the best practices in VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice
2. Validate vCenter certificates using the query below on vCenter per: Verify and resolve expired vCenter Server certificates using command line interface
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;Identify the expired certificate and use one of the below tools to replace the expired certificates
- vCert: vCert - Scripted vCenter Expired Certificate Replacement
- fixcerts: Replace certificates on vCenter server using the Fixcerts script
- Certificate Manager: Using vSphere Certificate Manager to Replace SSL Certificates
3. After replacing certificates, restart services using:
service-control --stop --all; service-control --start --allAdditional Information
Impact/Risks:
Some browsers do not trust VMCA issued self-signed certificates.
Feedback
Was this article helpful?
Yes
No
Powered by
