Failed to install VMCA Certificate on SDDC Manager


Article ID: 384581


Products

VMware SDDC Manager

Issue/Introduction

When deploying VCF through Cloud Builder, the following error is encountered during the "Generate and Install VMCA Certificate on SDDC Manager" task.

2024-12-10T09:45:12.899+0000 [bringup,67580d6cba5cd3bbabfe47e6ef69dfcb,dcba] ERROR [c.v.e.s.o.model.error.ErrorFactory,pool-2-thread-13] [K15C70] SDDC_MANAGER_INSTALL_CERT_FAILED Failed to install VMCA Certificate on SDDC Manager <SDDC-FQDN>
com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to install VMCA Certificate on SDDC Manager <SDDC-FQDN>
        at com.vmware.evo.sddc.sddcmanager.InstallSddcManagerVmcaCertificateAction.execute(InstallSddcManagerVmcaCertificateAction.java:139)
        at com.vmware.evo.sddc.sddcmanager.InstallSddcManagerVmcaCertificateAction.execute(InstallSddcManagerVmcaCertificateAction.java:72)
        at com.vmware.evo.sddc.orchestrator.platform.action.FsmActionState.invoke(FsmActionState.java:62)
        at com.vmware.evo.sddc.orchestrator.platform.action.FsmActionPlugin.invoke(FsmActionPlugin.java:159)
        at com.vmware.evo.sddc.orchestrator.platform.action.FsmActionPlugin.invoke(FsmActionPlugin.java:144)
        at com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.invokeMethod(ProcessingTaskSubscriber.java:400)
        at com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.processTask(ProcessingTaskSubscriber.java:520)
        at com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.accept(ProcessingTaskSubscriber.java:124)
        at jdk.internal.reflect.GeneratedMethodAccessor117.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
        at com.google.common.eventbus.Subscriber.invokeSubscriberMethod(Subscriber.java:85)
        at com.google.common.eventbus.Subscriber.lambda$dispatchEvent$0(Subscriber.java:71)
        at com.vmware.vcf.common.tracing.TraceRunnable.run(TraceRunnable.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to install VMCA Certificate on SDDC Manager <SDDC-FQDN>
        at com.vmware.evo.sddc.sddcmanager.InstallSddcManagerVmcaCertificateAction.invokeApiAndWaitForTask(InstallSddcManagerVmcaCertificateAction.java:251)
        at com.vmware.evo.sddc.sddcmanager.InstallSddcManagerVmcaCertificateAction.execute(InstallSddcManagerVmcaCertificateAction.java:130)
        ... 16 common frames omitted
Caused by: org.springframework.web.client.HttpClientErrorException$BadRequest: 400 : "{"errorCode":"REST_INVALID_API_INPUT","arguments":[],"message":"Invalid input","nestedErrors":[{"errorCode":"ANNOTATIONS_MISMATCH","arguments":["The Certificate Chain 'CN=<SDDC-FQDN>,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US' is valid from '2024-12-10T09:45:16Z' to '2026-11-30T09:45:16Z'"],"message":"Following conditions do not match - The Certificate Chain 'CN=<SDDC-FQDN>,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US' is valid from '2024-12-10T09:45:16Z' to '2026-11-30T09:45:16Z'"}],"referenceToken":"VOU5DF"}"

Cause

The start of the certificate's validity period (notBefore) is later than the current time on SDDC Manager, so the certificate is rejected as not yet valid. In the log above, the install attempt is logged at 09:45:12.899Z, while the certificate chain reports itself valid only from 09:45:16Z.
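As an added diagnostic aid that is not part of this KB article, the following Python parses the two decisive lines of the bringup log above (the ERROR timestamp and the embedded 400 response body) and reports whether the certificate's validity window had already opened when SDDC Manager tried to install it. The sample log is a constructed excerpt of the output shown above, with the <SDDC-FQDN> placeholder kept as-is.

```python
import json
import re
from datetime import datetime, timezone

# Constructed excerpt: the ERROR line and the final "Caused by" line from the
# bringup log shown in the article, with the <SDDC-FQDN> placeholder kept.
SAMPLE_LOG = r'''2024-12-10T09:45:12.899+0000 [bringup,67580d6cba5cd3bbabfe47e6ef69dfcb,dcba] ERROR [c.v.e.s.o.model.error.ErrorFactory,pool-2-thread-13] [K15C70] SDDC_MANAGER_INSTALL_CERT_FAILED Failed to install VMCA Certificate on SDDC Manager <SDDC-FQDN>
Caused by: org.springframework.web.client.HttpClientErrorException$BadRequest: 400 : "{"errorCode":"REST_INVALID_API_INPUT","arguments":[],"message":"Invalid input","nestedErrors":[{"errorCode":"ANNOTATIONS_MISMATCH","arguments":["The Certificate Chain 'CN=<SDDC-FQDN>,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US' is valid from '2024-12-10T09:45:16Z' to '2026-11-30T09:45:16Z'"],"message":"Following conditions do not match - The Certificate Chain 'CN=<SDDC-FQDN>,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US' is valid from '2024-12-10T09:45:16Z' to '2026-11-30T09:45:16Z'"}],"referenceToken":"VOU5DF"}"'''

ERROR_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}) .*SDDC_MANAGER_INSTALL_CERT_FAILED",
    re.M)
VALIDITY_RE = re.compile(r"valid from '([^']+)' to '([^']+)'")

def _utc(s):
    # Timestamps inside the API error body are ISO 8601 with a trailing 'Z'.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def diagnose(log_text):
    """Compare the install attempt time with the certificate validity window.

    Returns a dict with status 'not_yet_valid', 'expired' or 'valid', the gap
    in seconds, the window itself and the API referenceToken for follow-up.
    """
    m = ERROR_LINE_RE.search(log_text)
    if m is None:
        raise ValueError("no SDDC_MANAGER_INSTALL_CERT_FAILED line in excerpt")
    attempt = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f%z")
    # The 400 body is logged as raw JSON between the outer double quotes,
    # so carve out the span from the first '{' to the last '}' and parse it.
    body = json.loads(log_text[log_text.index("{"):log_text.rindex("}") + 1])
    nested = body["nestedErrors"][0]["message"]
    v = VALIDITY_RE.search(nested)
    if v is None:
        raise ValueError("nested error carries no validity window")
    not_before, not_after = _utc(v.group(1)), _utc(v.group(2))
    if attempt < not_before:
        status, gap = "not_yet_valid", (not_before - attempt).total_seconds()
    elif attempt > not_after:
        status, gap = "expired", (attempt - not_after).total_seconds()
    else:
        status, gap = "valid", 0.0
    return {"status": status, "seconds": gap, "not_before": not_before,
            "not_after": not_after, "reference_token": body["referenceToken"]}

if __name__ == "__main__":
    r = diagnose(SAMPLE_LOG)
    print(f"{r['status']}: gap {r['seconds']:.3f}s, token {r['reference_token']}")
```

A positive gap of a few seconds, as here, points at timing between certificate issuance and the install call rather than at a misconfigured certificate.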

Resolution

In this instance, the root cause was an excessive delay in resolving the vCenter Server FQDN through DNS from SDDC Manager.

To work around the issue, bypass DNS resolution by adding a static entry for the vCenter Server FQDN to /etc/hosts on SDDC Manager:

  1. Before Cloud Builder reaches the "Generate and Install VMCA Certificate on SDDC Manager" task, log in to SDDC Manager through the web console or SSH.
  2. Edit /etc/hosts:

    # vi /etc/hosts

  3. Add the vCenter Server entry.

    Sample:
    #.#.#.#  <VC-FQDN>

    NOTE: #.#.#.# is the IP address of the vCenter Server.