While configuring vCenter HA, the error below is seen:
This may also lead to the passive node going down, as seen below:
vCenter Server 7.x
This is caused by a mismatch between the vPostgres SSL certificate and the SSL certificate of the vCenter.
When reviewing the passive node's /var/log/vmware/vcha/vcha.log, the following is seen:
YYYY-MM-DDTHH:MM:SSZ info vcha[21360] [Originator@6876 sub=Cluster opID=SWI-41a7] hostId=XX.XX.XX.XX state=Slave master=xx.xx.xx.xx isolated=false host-list-version=1 config-version=0 vm-metadata-version=0 slv-mst-tdiff-sec=0
YYYY-MM-DDTHH:MM:SSZ error vcha[21381] [Originator@6876 sub=VchaUtil] Error executing command /opt/vmware/vpostgres/current/bin/psql: exit status=[2], stdout=[], stderr=[psql.bin: error: SSL error: certificate verify failed
YYYY-MM-DDTHH:MM:SSZ error vcha[21381] [Originator@6876 sub=VchaUtil] Error executing command /opt/vmware/vpostgres/current/bin/psql: exit status=[2], stdout=[], stderr=[psql.bin: error: SSL error: certificate verify failed
To update the certificate and resolve the issue, follow these steps:
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /var/core/Machine_SSL.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /var/core/Machine_SSL.key
3. Navigate to /storage/db/vpostgres_ssl and back up the existing server certificate and key:
cd /storage/db/vpostgres_ssl
cp server.crt server.crt.bkp
cp server.key server.key.bkp
4. Replace the contents of the existing files:
* Replace the contents of server.crt with the contents of /var/core/Machine_SSL.crt
* Replace the contents of server.key with the contents of /var/core/Machine_SSL.key
5. Restart all services.
6. Reconfigure the VCHA.
This process ensures that the certificate is successfully updated and the issue is resolved.
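To confirm the mismatch before step 4 and the match after it, the two certificates can be compared by fingerprint. The script below is an added example, not VMware tooling; the function names cert_fp and certs_match are hypothetical, and it assumes awk, base64 and sha256sum are available on the appliance.

```shell
#!/bin/sh
# Added example: compare two PEM files by the SHA-256 fingerprint of their
# first certificate. Function names are hypothetical.

# Print the SHA-256 of the DER bytes of the first CERTIFICATE block.
# CRLF line endings, stray whitespace and trailing chain certificates
# do not change the result.
cert_fp() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    body=$(awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /-----END CERTIFICATE-----/   { exit }
        inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ' "$1")
    [ -n "$body" ] || { echo "no certificate block in $1" >&2; return 2; }
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "invalid base64 in $1" >&2; return 2; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Exit status: 0 same certificate, 1 mismatch, 2 unreadable or not PEM.
certs_match() {
    fp_a=$(cert_fp "$1") || return 2
    fp_b=$(cert_fp "$2") || return 2
    if [ "$fp_a" = "$fp_b" ]; then
        echo "MATCH $fp_a"
    else
        echo "MISMATCH $1=$fp_a $2=$fp_b"
        return 1
    fi
}

# Usage on the appliance, with the paths from the steps above:
#   sh certcheck.sh /storage/db/vpostgres_ssl/server.crt /var/core/Machine_SSL.crt
if [ $# -eq 2 ]; then
    certs_match "$1" "$2"
fi
```

A MATCH result covers the certificate only; it does not show that server.key belongs to that certificate.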