Importing a custom SSL certificate in the vSphere UI for an ESXi host fails with the error "Cannot change the host configuration".

Article ID: 397317

Products

VMware vSphere ESXi

Issue/Introduction

  • Custom certificate replacement on ESXi host fails with error "Cannot change the host configuration".
  • The error appears after clicking the Finish button in the certificate upload workflow: select the host -> Configure -> Certificate -> Manage with external CA -> Import and Replace -> Upload the certificate -> Next -> Finish.
  • The workflow also shows the warning message, "The certificate Common Name doesn't match the name of the host on which it's going to be installed. This can cause the host to disconnect from vCenter."

Environment

  • vSphere ESXi 7.x.
  • vSphere ESXi 8.x.

Cause

This issue occurs when the FQDN in the certificate does not match the actual ESXi hostname.

Resolution

Correct the ESXi hostname and regenerate the certificate by following the steps below:

  1. Enable SSH on the ESXi host; see Enable SSH from the vSphere Client.
  2. Log in to the ESXi host as root over SSH.
  3. Set the hostname with the FQDN by running the following command:

    esxcli system hostname set -f <FQDN of the host>

    Note:
    Replace "<FQDN of the host>" with the actual host FQDN.

  4. Regenerate the CSR through the vSphere UI; see Generate a Certificate Signing Request for a Custom Certificate Using the vSphere Client.
  5. Replace the certificate on the ESXi host; see Replace the Default Certificate with a Custom Certificate Using the vSphere Client.
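
Before step 5, the signed certificate can be checked against the host FQDN so that a mismatch is caught before the import. The script below is an added example, not part of the original article or VMware tooling; it assumes OpenSSL on an administrative workstation, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB article): pre-import check that a signed
# certificate names the ESXi host's FQDN. File names are assumptions.

# is_fqdn NAME: succeed only for a dotted name with no empty labels.
is_fqdn() {
    case "$1" in
        ''|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_matches_fqdn CERT_PEM FQDN
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
cert_matches_fqdn() {
    cert=$1
    fqdn=$2
    if ! is_fqdn "$fqdn"; then
        echo "'$fqdn' is a short name, not an FQDN" >&2
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "cannot parse '$cert' as a PEM certificate" >&2
        return 2
    fi
    # -checkhost matches SAN dNSName entries, falling back to the subject CN
    # when the certificate has none. The verdict is printed, so parse it.
    verdict=$(openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null) || true
    case "$verdict" in
        *"does match certificate"*) return 0 ;;
    esac
    echo "certificate does not name $fqdn; it carries:" >&2
    openssl x509 -in "$cert" -noout -subject >&2
    return 1
}

# Usage: sh check-cert.sh <signed-cert.pem> <host FQDN>
# The FQDN is the value "esxcli system hostname get" reports on the host.
if [ "$#" -eq 2 ]; then
    cert_matches_fqdn "$1" "$2"
    exit $?
fi
```

An exit status of 1 means the certificate was issued for a different name than the one set in step 3, which is the condition behind the import failure described above.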