After upgrading ESXi, it shows disconnected in vSphere Client.

• ESXi host is operating normally.
• ESXi Host Client is accessible.
• vSphere Client shows "Disconnected from host. Reason: Cannot verify the SSL trust."
• "Adding host" task is stuck at 80%.

Solution user certificates and VECS permission issues.

Check certificates with vCert tool. (To learn more about vCert, see vCert - expired certificate replacement script

1. Execute vCert script.
2. Enter 1 to perform a full check on all certificates.
3. There could be one or more "NO SAN" at "Solution User" and "PERMISSION" at vpxd-extension in VECS.
   1. If there is "NO SAN", enter "3", "2", "1" to replace Solution User certificates with VMCA-signed certificates.
   2. If there is "PERMISSION" at VECS, enter "5", "4", "y" to reassign permissions to VECS stores.
4. Restart all vCenter services.
5. Remove host from inventory.
6. Add host to cluster. The host should be added to vCenter successfully.