"The certificate of vCenter Server expired" error on the Site Recovery UI

Article ID: 392069

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • An alarm is displayed on the Site Recovery page with the message:
    "The certificate of vCenter Server expired on DD/MM/YY"

Validation Steps:

Environment

Live Site Recovery 9.0.x

Linked Mode vCenters

Cause

  • The vCenter servers involved in Linked Mode may have different or mismatched SSL certificates. This could be caused by one of the vCenters using an outdated or invalid certificate, even if the certificates were recently replaced.

Cause Validation

  • If one vCenter's SSL certificate is not trusted by the other vCenter in Linked Mode, the result is a trust mismatch.
  • After checking the prerequisites listed in KB 320837, run lsdoctor in check mode with the command python lsdoctor.py -l
  • The output below confirms an SSL trust mismatch in the DR vCenter:

    2025-03-25T11:52:46 INFO main: You are reporting on problems found across the SSO domain in the lookup service.  This doesn't make changes.
    2025-03-25T11:52:46 INFO live_checkCerts: Checking services for trust mismatches...
    2025-03-25T11:52:46 INFO generateReport: Listing lookup service problems found in SSO domain
    2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for ##-dr-####-01.###.###.###(VC 7.0 or CGW).
    2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for 192.###.###.### (vSphere Replication).
    2025-03-25T11:52:46 ERROR generateReport: default-first-site\####-dc-#####-01.####.####.##(vSphere Replication) found SSL Trust Mismatch: Please run python ls_doctor.py --trustfix option on this node.
    2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for dr-srm.###.##.###(SRM).
    2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for dc-srm.###.##.##(SRM).
    2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for dc-vspherereplication.###.###.###(vSphere Replication).
    2025-03-25T11:52:46 INFO generateReport: Report generated:  /var/log/vmware/lsdoctor/###-##-#####-01.####.com.##-2025-03-25-115246.json

Resolution

  • Run python lsdoctor.py -t to apply any required trust fix.
  • Restart all vCenter services using service-control --stop --all && service-control --start --all
  • The output below was captured after running the trust fix in the DR vCenter:

    2025-03-25T11:58:24 INFO main: You are reporting on problems found across the SSO domain in the lookup service.  This doesn't make changes.
    2025-03-25T11:58:25 INFO live_checkCerts: Checking services for trust mismatches...
    2025-03-25T11:58:25 INFO generateReport: Listing lookup service problems found in SSO domain
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for ###-dr-###-01.###.####.kh (VC 7.0 or CGW).
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for 192.###.###.####(vSphere Replication).
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for jmc-dc-####-01.###.com.##(vSphere Replication).
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for dr-srm.####.##.###(SRM).
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for ###-srm.####.###.##(SRM).
    2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for dc-######.###.###.##(vSphere Replication).
    2025-03-25T11:58:25 INFO generateReport: Report generated:  /var/log/vmware/lsdoctor/###-##-####-01.####.###.##-2025-03-25-115824.json
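
To confirm that the trust fix cleared every flagged entry, the saved console output of the check before and after the fix can be compared programmatically. The following is an added example, not part of the original article or of lsdoctor. It assumes the line layout shown in the output above; the function names and the example.test hostnames are constructed for illustration.

```python
import re

# Layout taken from the lsdoctor output on this page:
#   <timestamp> <LEVEL> <function>: <message>
LINE_RE = re.compile(r"^\s*(\S+)\s+(INFO|WARNING|ERROR)\s+(\w+):\s+(.*)$")
OK_RE = re.compile(r"No issues detected in the lookup service entries for\s+(.+?)\s*\(([^()]+)\)\.?\s*$")
# ERROR entries: [<site>\]<node>(<service>) found <problem>: <advice>
BAD_RE = re.compile(r"^(?:[^\\]+\\)?(.+?)\s*\(([^()]+)\)\s+found\s+([^:]+):")

def parse_report(text):
    """Return {(node, service): problem-or-None} for each generateReport entry."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(3) != "generateReport":
            continue
        level, msg = m.group(2), m.group(4)
        ok = OK_RE.search(msg)
        bad = BAD_RE.match(msg) if level == "ERROR" else None
        if ok:
            entries.setdefault((ok.group(1), ok.group(2)), None)
        elif bad:
            # An error always wins over a clean line for the same entry.
            entries[(bad.group(1), bad.group(2))] = bad.group(3).strip()
    return entries

def trust_mismatches(text):
    """Entries whose problem text mentions an SSL trust mismatch."""
    return sorted(k for k, p in parse_report(text).items()
                  if p and "trust mismatch" in p.lower())

def unresolved(before, after):
    """Entries flagged before the fix that the later report does not show clean.
    An entry missing from the later report counts as unresolved."""
    later = parse_report(after)
    return [k for k in trust_mismatches(before) if later.get(k, "missing") is not None]

# Constructed sample output; hostnames are placeholders, not values from the page.
BEFORE = r"""2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for vc-dr.example.test(VC 7.0 or CGW).
2025-03-25T11:52:46 ERROR generateReport: default-first-site\vr-dc.example.test(vSphere Replication) found SSL Trust Mismatch: Please run python ls_doctor.py --trustfix option on this node.
2025-03-25T11:52:46 INFO generateReport: No issues detected in the lookup service entries for srm-dr.example.test(SRM)."""
AFTER = r"""2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for vc-dr.example.test(VC 7.0 or CGW).
2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for vr-dc.example.test(vSphere Replication).
2025-03-25T11:58:25 INFO generateReport: No issues detected in the lookup service entries for srm-dr.example.test(SRM)."""

if __name__ == "__main__":
    print("flagged before:", trust_mismatches(BEFORE))
    print("still unresolved:", unresolved(BEFORE, AFTER))
```

An empty "still unresolved" list means every entry that reported a trust mismatch before the fix appears as clean in the later report.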