Error: "Unable to find the ovf environment" when renewing self-signed certificates for VMware Cloud Director cells

Article ID: 325571


Products

VMware Cloud Director

Issue/Introduction

  • Regenerating a self-signed certificate with the command /opt/vmware/appliance/bin/generate-appliance-certificates.sh as per the steps in the documentation fails with the following error:

ERROR: OpenSSL encountered an error creating vcd_ova key.

  • Running the ovfenv command on the Cloud Director cells fails with the following error:

Unable to find the ovf environment

 

Environment

VMware Cloud Director 10.5.1.1

VMware Cloud Director 10.6.1

Cause

There are two possible causes for this issue:

  1. vApp Options are disabled on the cells in vCenter. Cloud Director cells use vApp Options to store configuration parameters set during deployment from OVA, and vApp Options should never be disabled on the cell VMs in vCenter.
  2. If you reboot the VMware Cloud Director VM by using a method other than the vSphere Client, for example vSphere High Availability or VMware Host Client, the deployment OVF parameters are deleted from the ovfenv.xml file after the reboot (known issue in VCD 10.5.1.1; see the release notes).

Resolution

To work around the issue, follow the steps below as required for the specific scenario seen.

Scenario 1: When the vApp Options are disabled:


Re-activate the vApp Options for the primary cell in vCenter as per the steps in the documentation. Also see the reference screenshot below:


 

  1. If one of the standby cell VMs has vApp Options enabled with the correct ovf environment variables populated, it can be promoted to be the new primary. This new primary replaces the existing old primary cell, which has vApp Options disabled.
  2. To promote the standby cell to be the new primary, follow the Cloud Director documentation, Switch the Roles of Your Primary and a Standby VMware Cloud Director Cell in a Database High Availability Cluster.
  3. After promoting a new primary, the old primary cell should now have the standby role. This old primary can then be unregistered as per the Cloud Director documentation, Unregister a Running Standby Cell in a Database High Availability Cluster.

    Note: For the primary node to function normally, at least one standby node must always be running.

  4. After unregistering the old primary node it can be re-added as a new standby cell as per the Cloud Director documentation, Configure Your VMware Cloud Director Standby and Application Cells.
  5. The operation to renew the self-signed certificates can then be retried once it has been confirmed that the cell VMs now have vApp Options enabled and populated in vCenter.

Note: If the Cloud Director deployment has only one cell, or none of the standby cells have vApp Options enabled with the correct ovf environment variables populated, then Cloud Director will need to be backed up and restored to new cells:
  1. Take a backup of the Cloud Director cell as per the Cloud Director documentation, Back Up the Embedded Database of the VMware Cloud Director Appliance.
  2. Power off, but do not delete, the existing primary and standby cell VMs and rename them if desired.
  3. Deploy a new primary cell and restore Cloud Director as per the Cloud Director documentation, Restore the Primary VMware Cloud Director Appliance. The new primary cell will have its vApp Options enabled after being deployed.
  4. After restoring the Cloud Director cell, additional standby cells can be added as per the Cloud Director documentation, Configure Your VMware Cloud Director Standby and Application Cells.
  5. The operation to renew the self-signed certificates can then be retried once it has been confirmed that the cell VMs now have vApp Options enabled and populated in vCenter.
  6. Clean up any remaining old powered-off cells as desired once Cloud Director has been confirmed to be operating correctly. To remove the failed appliances directly from vCenter, refer to Remove VMs or VM Templates from vCenter Server or from the Datastore.

Scenario 2: When the vApp options are enabled but the ovfenv.xml file is empty

  • Power off and then power on the VMware Cloud Director Cell VMs by using the vSphere Client.
    For guidance on how to change the power state of a virtual machine from vCenter, refer to the documentation.
  • Verify by running the ovfenv command on the appliance to see if the values are populated.
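
The "values are populated" check above can be scripted. The following is an added example, not VMware code: it assumes the appliance's OVF environment follows the standard DMTF OVF environment XML format, that its text has been read from the appliance (the page does not give the file's path), and it uses constructed sample documents whose property keys are placeholders rather than real Cloud Director keys.

```python
import xml.etree.ElementTree as ET

# Namespace of the DMTF OVF environment schema (assumed format of ovfenv.xml).
OE_NS = "http://schemas.dmtf.org/ovf/environment/1"

# Constructed samples; the property keys are placeholders, not real VCD keys.
SAMPLE_POPULATED = f"""<Environment xmlns="{OE_NS}" xmlns:oe="{OE_NS}">
  <PropertySection>
    <Property oe:key="example.hostname" oe:value="cell-01.example.test"/>
    <Property oe:key="example.ntp" oe:value="192.0.2.10"/>
  </PropertySection>
</Environment>"""

# What a cell looks like after the deployment parameters were deleted.
SAMPLE_WIPED = f"""<Environment xmlns="{OE_NS}" xmlns:oe="{OE_NS}">
  <PlatformSection><Kind>VMware ESXi</Kind></PlatformSection>
</Environment>"""


def check_ovf_environment(xml_text, required_keys=()):
    """Classify an OVF environment document (trusted, local input).

    Returns (status, details):
      "missing"    - empty or unparsable document, details == []
      "empty"      - parses, but carries no properties, details == []
      "incomplete" - details lists required keys that are absent or blank
      "populated"  - details lists every property key found
    """
    if not xml_text or not xml_text.strip():
        return "missing", []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "missing", []
    props = {}
    for prop in root.iter(f"{{{OE_NS}}}Property"):
        key = prop.get(f"{{{OE_NS}}}key")
        if key:
            props[key] = prop.get(f"{{{OE_NS}}}value", "")
    if not props:
        return "empty", []
    blank = sorted(k for k in required_keys if not props.get(k, "").strip())
    if blank:
        return "incomplete", blank
    return "populated", sorted(props)


if __name__ == "__main__":
    for name, doc in (("populated", SAMPLE_POPULATED), ("wiped", SAMPLE_WIPED)):
        print(name, check_ovf_environment(doc))
```

A status of "missing" or "empty" on a cell means the certificate renewal should not be retried until the OVF parameters are back.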

Additional Information

VCD 10.5.x: Renew Your VMware Cloud Director Appliance Certificates

VCD 10.6.x : Certificate Management in the VMware Cloud Director Appliance

Impact/Risks:
Warning: A snapshot of the primary cell VM and a backup of the Cloud Director database must be taken before attempting to make any changes to it directly; see Back Up the Embedded Database of the VMware Cloud Director Appliance.

When taking snapshots while the appliances are running, snapshot the primary first, before the standbys. The best practice is to snapshot the appliances while powered off so that the standbys won't miss any writes committed by the primary.