Symptoms:

-  Following a replacement of ESXi custom certificates, many failed tasks related to deploying vCLS VMs to the hosts are seen in Recent Tasks.

-  The eam.log file contains the following error message:

2024-09-05T19:44:27.542Z |  INFO | cluster-agent-4 | DeployVmJob.java | 554 | Zero-config deployemnt attempt failed(EamIOException->EamAppException[Upload request failed. Response:HTTP/1.1 526 Invalid SSL Certificate [content-length: 2955, content-type: text/plain, date: Thu, 05 Sep 2024 19:44:27 GMT, server: envoy, connection: close] [Content-Length: 2955,Chunked: false]]), vSAN=false . Trying next.

This issue occurs when the ESXi hosts have not been rebooted after certificate replacement (per ESXi certificate replacement procedure: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-A261E6D8-03E4-48ED-ADB6-473C2DAAB7AD.html).  The certificate thumbprint in the vCenter database needs to be updated, which happens on connect to the ESXi host.

Reboot the ESXi hosts that have had the certificates replaced.  This will update the thumbprint of the ESXi host in the vCenter database.