The certificate replacement fails during the upload step with the following error in the operations manager log:
2024-07-10T10:15:45.494+0000 DEBUG [vcf_om,668e5f513fe0b1d17a07512be2fb5078,b881] [c.v.v.c.s.f.i.CertificateOperationsFacadeImpl,http-nio-127.0.0.1-7300-exec-3] DomainCertificateOperation: {"workflowId":"x#x#x#x#x#","domainName":"x#x#x#","operationType":"REPLACE_CERTIFICATE","operationStatus":"*****","resourceCertificateOperations":[{"resource":{"hostName":"x#x#x#x#","resourceType":"sddcmanager","master":false},"result":{"status":"FAILED","message":"{\"code\":\"CERTIFICATE_VALIDATION_HAS_FAILED\",\"args\":[\"*****\",\"Certificate chain is not valid.\"]}"},"creationTimestamp":1720606519140,"updateTimestamp":1720606535475}],"retryOperation":false}
File permissions are most likely incorrect or the certificate file is old.
SSH to SDDC Manager and navigate to the path "/opt/vmware/vcf/operationsmanager/certificates/<domain name>". Check the file permissions and the last modified time. The listing should look similar to the following:
-rw-r--r-- 1 vcf_operationsmanager vcf 2171 Jul 31 08:55 rootca.crt
drwxr-xr-x 2 vcf_operationsmanager vcf 4096 Jul 31 08:55 sddc-manager.example.com
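The check above can be scripted. The following is an added example, not part of the original article or of VMware tooling: it compares `ls -l` output against the owner, group and modes shown in the sample listing and prints each entry's last-modified time for review. The function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -l` output against the sample listing in this article.
# On SDDC Manager, feed it the real listing:
#   ls -l "/opt/vmware/vcf/operationsmanager/certificates/<domain name>" | audit_cert_listing

# Expected values are taken from the sample listing shown above.
EXPECTED_OWNER="vcf_operationsmanager"
EXPECTED_GROUP="vcf"

# Reads `ls -l` lines on stdin and prints one finding per deviation.
# Returns 0 when every entry matches, 1 otherwise.
# Assumes entry names contain no spaces (only the first word is reported).
audit_cert_listing() {
    awk -v owner="$EXPECTED_OWNER" -v group="$EXPECTED_GROUP" '
        BEGIN { bad = 0 }
        /^total / || NF < 9 { next }       # skip the "total N" header and blank lines
        {
            mode = substr($1, 1, 10)       # drop a trailing ACL or SELinux marker (+ or .)
            name = $9
            # Directories are expected to be 755, files 644, as in the sample listing
            want = (substr(mode, 1, 1) == "d") ? "drwxr-xr-x" : "-rw-r--r--"
            if ($3 != owner || $4 != group) {
                printf "OWNER %s: %s:%s (expected %s:%s)\n", name, $3, $4, owner, group
                bad = 1
            }
            if (mode != want) {
                printf "MODE %s: %s (expected %s)\n", name, mode, want
                bad = 1
            }
            # Reported for manual comparison with the time of the attempted replacement
            printf "MTIME %s: %s %s %s\n", name, $6, $7, $8
        }
        END { exit bad }
    '
}

# Constructed sample input (not from a real system): rootca.crt has the wrong
# owner, group and mode, while the directory entry matches the expected listing.
SAMPLE_LISTING='total 8
-rw------- 1 root root 2171 Jul 10 10:02 rootca.crt
drwxr-xr-x 2 vcf_operationsmanager vcf 4096 Jul 31 08:55 sddc-manager.example.com'

printf '%s\n' "$SAMPLE_LISTING" | audit_cert_listing || true
```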
Take a snapshot of the SDDC Manager VM (no memory required) as a precautionary measure.
Run the following to remove old certificates:
rm -rf /opt/vmware/vcf/operationsmanager/certificates/<domain name>
Retry the replacement operation by generating the CSR.