vCenter Server UI access failure and Enhanced Link Mode connectivity loss with expired Machine SSL certificate

Article ID: 391354

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When accessing vCenter Server, you experience UI access failure where the web interface becomes inaccessible or displays certificate errors.
  • Additionally, in Enhanced Link Mode environments, one vCenter Server cannot see the inventory of other linked vCenter Servers, breaking the expected connectivity between them.
  • You may also observe an alarm in vCenter Server that states "Certificate vCenter is about to expire."
  • This affects critical vCenter Server functionality, preventing proper management of your virtual infrastructure and disrupting Enhanced Link Mode capabilities.

Environment

Seen in:

  • vCenter Server 7.0 and later versions
  • vCenter Server instances using either self-signed certificates or custom certificates

Cause

The vCenter Server Machine SSL certificate (also known as __MACHINE_CERT) has a limited validity period. When this certificate expires, the vCenter Server security mechanisms prevent normal authentication and connection processes. This security measure is designed to maintain the integrity of encrypted communications but results in UI access failure when the certificate is no longer valid.

In Enhanced Link Mode environments, the certificate expiration disrupts the trust relationship between linked vCenter Servers. Each vCenter Server validates the certificate of other linked servers during inventory synchronization processes. When a certificate is expired, this validation fails, causing one vCenter Server to be unable to retrieve and display inventory information from the linked server with the expired certificate.

Resolution

Please note that the certificate will not renew automatically. You will need to manually renew the Machine SSL certificate.

To resolve the expired Machine SSL certificate issue in vCenter Server and restore full functionality including UI access and Enhanced Link Mode connectivity:

  1. Follow one of the following certificate replacement procedures to get vCenter Server working on VMCA default certificates:

    Replace Machine SSL certificate with a VMware Certificate Authority issued certificate

    or

    Regenerate certificates using self-signed VMCA

  2. For Enhanced Link Mode environments, reboot the other linked vCenter Server(s):

    1. Log in to each linked vCenter Server that was previously unable to view the inventory of the vCenter with the expired certificate.
    2. Perform a full reboot of these vCenter Server(s).
    3. This reboot ensures proper certificate trust and inventory synchronization between linked vCenter Servers.
  3. Verify that the issue is resolved:

    1. Access the vCenter Server UI to confirm it is now accessible.
    2. For Enhanced Link Mode environments, verify that all linked vCenter Servers can view each other's inventories.
    3. Check that no certificate expiration alarms are present.

  4. For environments using custom certificates, refer next to Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate.
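
The expiry condition described under Cause, and the verification in step 3, can be checked from a management host. The script below is an added example, not part of the original article or of VMware tooling: it reads the certificate each linked vCenter Server presents on port 443 and reports whether it is expired or close to expiry. The host names passed on the command line, the 30-day warning window and the availability of `openssl` on the PATH are assumptions.

```python
import socket
import ssl
import subprocess
import sys
import time

WARN_DAYS = 30  # assumed warning window; set to local policy

def classify(not_after_line, now=None, warn_days=WARN_DAYS):
    """Map an openssl 'notAfter=...' line to (status, whole days remaining)."""
    end = ssl.cert_time_to_seconds(not_after_line.split("=", 1)[-1].strip())
    now = time.time() if now is None else now
    # Floor division: a certificate expired a few hours ago reports -1, not 0.
    days = int((end - now) // 86400)
    if end <= now:
        return "EXPIRED", days
    if end - now <= warn_days * 86400:
        return "EXPIRING", days
    return "OK", days

def fetch_not_after(host, port=443):
    """Return the notAfter line of the certificate a host presents."""
    ctx = ssl.create_default_context()
    # Validation is disabled only so an expired certificate can still be read;
    # no data is sent and no trust decision is based on this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            pem = ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
    out = subprocess.run(["openssl", "x509", "-noout", "-enddate"],
                         input=pem, capture_output=True, text=True, check=True)
    return out.stdout.strip()

def main(hosts):
    """Print one line per host; return 1 if any host is not OK."""
    failed = False
    for host in hosts:
        try:
            status, days = classify(fetch_not_after(host))
        except (OSError, ValueError, subprocess.CalledProcessError) as exc:
            status, days = f"UNREADABLE ({exc})", None
        print(f"{host}: {status}, days remaining: {days}")
        failed = failed or status != "OK"
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with every vCenter Server in the Enhanced Link Mode group as arguments; a non-zero exit status means at least one node needs its certificate renewed or could not be read.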