Error Code: LCMRAVACONFIG90039 while replacing the certificate in vRealize Automation 8.3 and 8.4
search cancel

Error Code: LCMRAVACONFIG90039 while replacing the certificate in vRealize Automation 8.3 and 8.4


Article ID: 326055


Updated On:


VMware Aria Suite


  • while replacing the certificate in vRA 8.3 and 8.4 environment with multi-tenancy enabled, the operation will fail with error message in LCM log files similar to
    2021-01-06 20:33:53.221 INFO [pool-2-thread-11] c.v.v.l.d.v.h.VraPreludeInstallHelper - -- Certificate with sha256 sum: 95ff4321a46416e667e28886e023c1881734a582d297e8a9123384bd3c6a519f cannot be validated.
    The following FQDN cannot be found in the SAN field of the certificate: "invalid domain" but it is required.
    FQDNs found in certificate SAN field: ['load-balancer-fqdn', 'tenant(s) fqdns']
    FQDNs supplied for validation: ['load-balancer-fqdn', 'invalid fqdns's']
Note: In the above error message:
invalid domain - represents invalid (non-existent) vra fqdn.
load-balancer-fqdn - The load-balancer of the vRA if vRA is clustered, else the fqdn of the vRA node.
tenant(s) fqdns - All fqdns of the tenants separated by comma.
invalid fqdns's - Invalid fqdns, not part of the vRA environment.
  • In the vRealize Suite Lifecucle Manager UI, you will see message similar to:


VMware vRealize Automation 8.4.x
VMware vRealize Automation 8.3.x


This issue is caused when vracli certificate command incorrectly assembles the FQDNs of the tenants fail the validation of the certificate.


This issue is resolved in vRealize Automation 8.4.1 , available at VMware Downloads.



  • Please take simultaneous non-memory snapshots of each virtual appliance(s) in the cluster.
  • You have access to root user and password
  • You have SSH or console access to each virtual appliance.


  1. SSH / PuTTy into one vRA virtual appliance in the cluster
  2. Download the patch.tgz file from the attachments in the KB.
  3. Copy the file to the vRA appliance root directory.
  4. SSH to the appliance.
  5. Run the following command
    cd /; tar -zxvf ./patch_vracli.tgz
Note: If the vRA is clustered, repeat steps 1-4 on every appliance.


patch get_app