Symptoms

• vpxd service fails to start as it couldn't validate the certificate.
• From the vcenter server logs we can see the below entry :

YYYY-MM-DDT14:37:57.543+07:00 warning vpxd[06610] [Originator@6876 sub=HttpConnectionPool-000103] Failed to get pooled connection; <cs p:00007f1c9073cbe0, TCP:vCenter IP:443>, SSL(<io_obj p:0x00007f1c807e1068, h:12, <TCP '<vCenter IP : 57424'>, <TCP '<vCenter IP> : 443'>>), duration: 8msec, N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:

--> PeerThumbprint: 94:23:57:1F:A9:E2:##:##:##:##:##:1E:06:89:7B:D9:E7:29:9D:02

--> ExpectedThumbprint:

--> ExpectedPeerName: 172.xx.x.xx

--> The remote host certificate has these problems:

-->

--> * Host name does not match the subject name(s) in certificate.)

VMware vCenter Server Appliance 7.x

The certificate renewal process requires the Fully Qualified Domain Name (FQDN) of the vCenter. The same FQDN is needed in the VMCA. Due to a DNS resolution issue with the vCenter IP, the certificates are not being updated, and the services (vpxd and hvc) are failing to start.

• Record new FQDN of vCenter to DNS and resolve FQDN Name : How to change/update DNS Server IP address for vCenter Server
• Change the hostname of vCenter to the same new FQDN.
• Renew the certificate on vCenter Regenerate vSphere 6.x, 7.x, and 8.0 certificates using self-signed VMCA
• vCenter services will start successfully.