This issue is resolved in VMware vRealize Automation 7.4 available at
VMware Downloads.
Workaround:
1. Revert the environment to the state before upgrade.
2. Back up your current certificate file on all virtual appliance nodes:
cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak
3. Remove the chain certificate from /opt/vmware/etc/lighttpd/server.pem for all virtual appliance nodes.
4. Run the following commands:
service vami-lighttp restart
service haproxy restart
5. Wait for 10 minutes to allow the PostgreSQL database to be updated with correct certificates data.
6. Verify that the certificates stored in the PostgreSQL database are correct :
sudo -u postgres -i -- /opt/vmware/vpostgres/current/bin/psql vcac -c "SELECT node_host,node_cert from cluster_nodes where node_type='VA';"
You should see output similar to:
node_host | node_cert
MASTER_VA.domain.com | MIIDNDCCAhwCCQDAYlr48T0k0DANBgkqhkiG9w0BAQUFADBcMQ8wDQYDVQQDEwZWTXdhcmUxFTATBgNVBAoTDFZNd2FyZSwgSW5jLjElMCMGA1UECxMcdkNBQyBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCVVMwHhcNMTUxMDI4MTIyOTI2WhcNND
MwMzE1MTIyOTI2WjBcMQ8wDQYDVQQDEwZWTXdhcmUxFTATBgNVBAoTDFZNd2FyZSwgSW5jLjElMCMGA1UECxMcdkNBQyBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKdM8FkNjK065gC0Dp9/3WdXNSrQnRpUfkTAiOlMvFpzbfuZfP8cW
aWjEPLri+yd+iUDLUYWBfxJajdnnG5NacjHbBxjFAkX5BF7ymtJrdfal0nw9furNNXRVLzbXZUcwvABxoZTldOWgezul0KeNjcEyHMwSGRhQ/uaQvfHRb2Y/I7FGpmB/EBu9Q4ehYBeE69oHvH7foHNBPtsMwcQnbm+pn1zGoBe78auSwPKwBV6C+Q/Y11h22lZnU/cxFcEfnYHUtbqPPHlOZXInHjiSir4aWykEZ+U8/
1dZy8ty+Xt5+ka/d5NZd4/2aneyLUn/CEeXCwP2GK6nb6HVn70lXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBACvebOo1jFsRevrjuAn0Vu+Qav/g1KcgNFSr7w0phcE8uxBxzyheo9vBU64Q/ckSI4BDcekt/JEMlDIMIvI3Ld7LkDo4xa3e+qjSwwfe2NrxbMSqSRWRUGk/hUuePhYUxcLNpfO3PfkHiKo9AX+r/UGM7
hy/B75ZIbHk6EsV23rTrW/muB8NAXKKwVpOQeUYMKhgMhh6aLE7Q4e4wrXQQNQSD0IXBh232HcYrEQorhwutkdc8fNMg/YwwknRSlA8n4T89vPjYLF6Gy0l0ouRhRI/rgMiYIOoAp4hdPh0HSz8wh0UWQpc6ZhYISc9EkSTB0VAWZIxaZGrNf7sZdT5DYo=
REPLICA_VA.domain.com | MIIDNDCCAhwCCQDAYlr48T0k0DANBgkqhkiG9w0BAQUFADBcMQ8wDQYDVQQDEwZWTXdhcmUxFTATBgNVBAoTDFZNd2FyZSwgSW5jLjElMCMGA1UECxMcdkNBQyBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCVVMwHhcNMTUxMDI4MTIyOTI2WhcNND
MwMzE1MTIyOTI2WjBcMQ8wDQYDVQQDEwZWTXdhcmUxFTATBgNVBAoTDFZNd2FyZSwgSW5jLjElMCMGA1UECxMcdkNBQyBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKdM8FkNjK065gC0Dp9/3WdXNSrQnRpUfkTAiOlMvFpzbfuZfP8cW
aWjEPLri+yd+iUDLUYWBfxJajdnnG5NacjHbBxjFAkX5BF7ymtJrdfal0nw9furNNXRVLzbXZUcwvABxoZTldOWgezul0KeNjcEyHMwSGRhQ/uaQvfHRb2Y/I7FGpmB/EBu9Q4ehYBeE69oHvH7foHNBPtsMwcQnbm+pn1zGoBe78auSwPKwBV6C+Q/Y11h22lZnU/cxFcEfnYHUtbqPPHlOZXInHjiSir4aWykEZ+U8/
1dZy8ty+Xt5+ka/d5NZd4/2aneyLUn/CEeXCwP2GK6nb6HVn70lXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBACvebOo1jFsRevrjuAn0Vu+Qav/g1KcgNFSr7w0phcE8uxBxzyheo9vBU64Q/ckSI4BDcekt/JEMlDIMIvI3Ld7LkDo4xa3e+qjSwwfe2NrxbMSqSRWRUGk/hUuePhYUxcLNpfO3PfkHiKo9AX+r/UGM7
hy/B75ZIbHk6EsV23rTrW/muB8NAXKKwVpOQeUYMKhgMhh6aLE7Q4e4wrXQQNQSD0IXBh232HcYrEQorhwutkdc8fNMg/YwwknRSlA8n4T89vPjYLF6Gy0l0ouRhRI/rgMiYIOoAp4hdPh0HSz8wh0UWQpc6ZhYISc9EkSTB0VAWZIxaZGrNf7sZdT5DYo=
...
Note:
a. The fixed server.pem file should contain only 1 key and 1 certificate section.
It should be clear of newlines and incorrect end-of-line symbols. Like below sample:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAynTPBZDYytOuYAtA6ff91nVzUq0J0aVH5EwIjpTLxac237mX
....
YoPfKhEPoH9zpZN3/6ttUaIBx+8W+j8dVLMkqYpGZREulXUUeafEoQ==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDNDCCAhwCCQDAYlr48T0k0DANBgkqhkiG9w0BAQUFADBcMQ8wDQYDVQQDEwZW
....
Gy0l0ouRhRI/rgMiYIOoAp4hdPh0HSz8wh0UWQpc6ZhYISc9EkSTB0VAWZIxaZGr
Nf7sZdT5DYo=
-----END CERTIFICATE-----
b. The node_cert field in the database should contain only the VAMI certificate configured in server.pem, without extra BEGIN/END CERTIFICATE lines. It should also be clear of newlines and incorrect symbols.
7. Login to the vRealize Automation Management Console and navigate to vRA Settings > Cluster page. Verify that all IaaS nodes have recent "Last Connected" time.
8. Retry the upgrade.