Virtual Volumes datastore is inaccessible after renew storage certificate

Article ID: 390263

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • The Virtual Volumes (vVols) storage renews its certificate
  • vVols become inaccessible in the vCenter inventory even though the VASA profile is still online
  • The datastore is unable to show capacity with the command line:
  • In /var/run/log/vvold.log on the ESXi host there may be messages similar to:

    YYYY-MM-DDTHH:MM:SS error vvold [2102847] [Originator@6876 sub=Default] VasaSession::DoSetContext: setContext for VP Storage VASA 2.0 Provider (url:
    https://<VASA-Provider-FQDN>:3034/vasa-provider/vasa2/vasaService) failed [connectionState: AuthorizationError]: INVALID_LOGIN (SSL_ERROR_SSL
    --> error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    --> unable to get local issuer certificate / SSL/TLS handshake failed)

Environment

VMware vSphere ESXi 7.0.x
VMware vSphere ESXi 8.0.x

Cause

The ESXi host does not contain the VMCA certificate of vCenter Server. The VP (VASA Provider) certificate is signed by VMCA. If the ESXi host has lost the VMCA certificate, it is not able to verify the VP certificate.

Resolution

  1. Confirm that the VP certificate is signed by VMCA by running this command on the ESXi host:

    # openssl s_client -connect <VASA-Provider-FQDN>:3034 -showcerts

  2. Confirm that the VMCA certificate is not present in /etc/vmware/ssl/castore.pem on the ESXi host
  3. Download the VMCA certificate from vCenter by following the KB "Download and install vCenter Server root certificates to avoid web browser certificate warnings"
  4. Add the VMCA certificate to /etc/vmware/ssl/castore.pem on the ESXi host by following the KB "Adding Custom Certificate on ESXi hosts through CLI"
  5. Restart the virtual volumes service on the ESXi host:

    # /etc/init.d/vvold restart
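
The checks in steps 1 and 2 can be scripted as below. This is an added example, not part of the original article or of any VMware tooling; the function names are hypothetical, and it assumes `openssl`, `awk` and `grep` are available in the shell where it runs.

```shell
#!/bin/sh
# Added example for steps 1 and 2; function names are hypothetical.
CASTORE=/etc/vmware/ssl/castore.pem   # trust store path from the article

# Step 1: show subject and issuer of the certificate the VASA Provider presents.
vp_issuer() {   # usage: vp_issuer <VASA-Provider-FQDN> [port]
    openssl s_client -connect "$1:${2:-3034}" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer
}

# Validate the presented chain against the trust store. A result such as
# "unable to get local issuer certificate" matches the error in vvold.log.
vp_verify() {   # usage: vp_verify <VASA-Provider-FQDN> [port] [store]
    openssl s_client -connect "$1:${2:-3034}" -CAfile "${3:-$CASTORE}" \
        </dev/null 2>/dev/null | grep 'Verify return code'
}

# Print one line per certificate in a PEM file: the base64 body with line
# breaks removed, so re-wrapped copies of the same certificate compare equal.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Step 2: is every certificate in CA_PEM present in the store?
# Returns 0 = present, 1 = missing, 2 = unreadable file or no certificate.
ca_in_store() {   # usage: ca_in_store <CA_PEM> [store]
    store=${2:-$CASTORE}
    [ -r "$1" ] && [ -r "$store" ] || return 2
    wanted=$(pem_bodies "$1")
    [ -n "$wanted" ] || return 2
    for body in $wanted; do   # base64 has no spaces or glob characters
        pem_bodies "$store" | grep -qxF -- "$body" || return 1
    done
    return 0
}
```

Running `ca_in_store` again after step 4, with the downloaded VMCA certificate as its first argument, confirms the certificate reached castore.pem before vvold is restarted.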