Cloud Builder unable to deploy VCF/management domain, fails with error "Failed to get SSH key ESXi host <FQDN>"

Article ID: 386968

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Cloud Builder is unable to deploy the VCF management domain.
  • vcf-bringup-debug.log shows:

    [bringup,67937cb9dec3b5fb66b496bdcd12556f,6874] ERROR [c.v.e.s.v.v.EsxiHostValidator,pool-2-thread-10] Error occurred while validating ESX host<FQDN>
    com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <FQDN> doesn't match any of the subject alternative names: [localhost.localdomain]

  • The Cloud Builder workflow fails with "error found during configuration file validation":

    Failed to get SSH key ESXi host <FQDN>

Environment

VMware Cloud Foundation 5.x

Cause

This issue occurs when the ESXi host certificate's subject alternative names (SAN) do not contain the host's FQDN; the default self-signed certificate carries only localhost.localdomain. Also validate that the VLAN IDs match the deployment playbook.

Resolution

To regenerate the ESXi host certificate so that its subject alternative name (SAN) matches the ESXi host FQDN, follow these steps.

  1. Log in to the ESXi Host Client.
  2. Enable SSH on the ESXi host.
    • In the navigation pane, click Manage and click the Services tab.
    • Select the TSM-SSH service and click Start if not started.
  3. Log in to the ESXi host using an SSH client such as Putty.
  4. Regenerate the self-signed certificate by executing the following command:
    /sbin/generate-certificates

  5. Reboot the ESXi host to apply the changes:
    reboot

  6. Verify the correct hostname is listed:
    • openssl x509 -in /etc/vmware/ssl/rui.crt -noout -text
    • The X509v3 Subject Alternative Name should match the ESXi host FQDN.
  7. Repeat this procedure for all remaining hosts, then restart the task on Cloud Builder.
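As an added pre-check that is not part of this article, the following Python script parses the output of the openssl command from step 6 and reports which hosts still carry a certificate whose SAN does not include their FQDN (the certificate text samples, host names and IP address are constructed):

```python
"""Added pre-check (not from the article): parse `openssl x509 -noout -text`
output and verify the X509v3 Subject Alternative Name carries the host FQDN,
which is the check Cloud Builder's EsxiHostValidator fails on over SSL."""
import re
from typing import Dict, List

# Constructed sample output for a host still on the default self-signed
# certificate (SAN = localhost.localdomain), as in the log error above.
DEFAULT_CERT_TEXT = """\
Certificate:
    X509v3 extensions:
        X509v3 Subject Alternative Name:
            DNS:localhost.localdomain
"""

# Constructed sample output after /sbin/generate-certificates on a host
# whose hostname is esxi01.lab.example (hypothetical FQDN and IP).
REGENERATED_CERT_TEXT = """\
Certificate:
    X509v3 extensions:
        X509v3 Subject Alternative Name:
            DNS:esxi01.lab.example, IP Address:10.0.0.11
"""

SAN_RE = re.compile(r"X509v3 Subject Alternative Name:[^\n]*\n[ \t]*([^\n]+)")


def san_dns_names(cert_text: str) -> List[str]:
    """Return the DNS: entries of the SAN extension, or [] if it is absent."""
    m = SAN_RE.search(cert_text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e.split(":", 1)[1].strip() for e in entries if e.startswith("DNS:")]


def san_matches_fqdn(cert_text: str, fqdn: str) -> bool:
    """Case-insensitive exact match, ignoring a trailing dot; no wildcards."""
    wanted = fqdn.lower().rstrip(".")
    return wanted in {n.lower().rstrip(".") for n in san_dns_names(cert_text)}


def hosts_needing_regeneration(certs: Dict[str, str]) -> List[str]:
    """certs maps FQDN -> openssl text output; returns hosts still needing step 4."""
    return [fqdn for fqdn, text in certs.items() if not san_matches_fqdn(text, fqdn)]


if __name__ == "__main__":
    inventory = {"esxi01.lab.example": REGENERATED_CERT_TEXT,
                 "esxi02.lab.example": DEFAULT_CERT_TEXT}
    for host in hosts_needing_regeneration(inventory):
        print(f"{host}: SAN {san_dns_names(inventory[host])} lacks the FQDN")
```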