• VMware Vcloud Director cell service will not come up after certificate renewal 
• In cell-runtime.log under /opt/vmware/vcloud-director/logs , we see errors as below: 

^{Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid}

VMware Vcloud Director 10.x

This happens if the certificate chain is out of order. 

Note: Since 10.5.1 and later, the Service Admin portal needs to be accessible as that is the only supported way to update cell certificates. In cases where the portal is not accessible any more, try one of the options below : 

• Option 1: Revert to the snapshots for the cells prior to the certificate update process and restart the process
• Option 2: Use API
  - Add cert library item :
  https://developer.broadcom.com/xapis/vmware-cloud-director-openapi/v37.1/certificate-library/index?scrollString=certificate%20library
  
  - Update endpoint :
  https://developer.broadcom.com/xapis/vmware-cloud-director-openapi/v38.1/cloudapi/1.0.0/cells/cellUrn/accessEndpoints/put/index?scrollString=cell%20certificate
• Option 3:
  Update the certificate_library_item_consumer table in vcloud database to point back to the old certificates. Open a SR for more instructions. 

For more information, see SSL Certificate Creation and Management of Your VMware Cloud Director Appliance.