Unable to generate a vCenter CSR from SDDC manager due to expired vCenter Machine SSL certificate.

Article ID: 398193

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • CSR generation fails in SDDC Manager for a WLD vCenter with the following error:
    Failed to generate CSR for <vCenter_fqdn> due to: I/O error on POST request for "https://<vCenter_fqdn>/rest/com/vmware/cis/session/": PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed.


  • Listing the certificate expiry dates in each VECS store shows that the vCenter's Machine SSL certificate has expired.
    From the vCenter Appliance: run the following command in a console window or SSH session to the vCenter VM:
    for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
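
The check above, taken one step further as an added example (not part of the original article or of VMware's tooling): a Python script that reads the output of that loop and labels every entry EXPIRED, EXPIRING or OK, so expiring certificates are caught before SDDC Manager operations start failing. The function names, the 30-day warning window and the sample text are assumptions made for illustration.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

STORE_RE = re.compile(r"^\[\*\] Store :\s*(\S+)")
ALIAS_RE = re.compile(r"^\s*Alias\s*:\s*(.+?)\s*$", re.IGNORECASE)
NOT_AFTER_RE = re.compile(r"Not After\s*:\s*(.+?)\s*$", re.IGNORECASE)

def parse_entries(text):
    """Return [(store, alias, not_after_utc)] parsed from the loop's output."""
    entries, store, alias = [], None, None
    for line in text.splitlines():
        if m := STORE_RE.match(line):
            store, alias = m.group(1), None
        elif m := ALIAS_RE.match(line):
            alias = m.group(1)
        elif m := NOT_AFTER_RE.search(line):
            # Single-digit days are space padded ("Jan  5"); collapse the spaces.
            stamp = " ".join(m.group(1).split())
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
            entries.append((store, alias, when.replace(tzinfo=timezone.utc)))
    return entries

def classify(entries, now, warn_days=30):
    """Label each entry EXPIRED, EXPIRING (within warn_days) or OK."""
    report = []
    for store, alias, not_after in entries:
        left = not_after - now
        status = ("EXPIRED" if left <= timedelta(0)
                  else "EXPIRING" if left <= timedelta(days=warn_days) else "OK")
        report.append((status, store, alias, not_after))
    return report

# Constructed sample of the loop's output (not taken from a real system).
SAMPLE = (
    "[*] Store : MACHINE_SSL_CERT\nAlias :\t__MACHINE_CERT\n"
    "            Not After : Jan  5 10:15:00 2025 GMT\n"
    "[*] Store : TRUSTED_ROOTS\nAlias :\tconstructed-root-alias\n"
    "            Not After : Mar 20 08:00:00 2034 GMT\n"
    "[*] Store : machine\nAlias :\tmachine\n"
    "            Not After : Jul  1 00:00:00 2025 GMT\n"
)

if __name__ == "__main__":  # pipe the loop's output in, or run bare for the sample
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    now = datetime.now(timezone.utc)
    for status, store, alias, when in classify(parse_entries(text), now):
        print(f"{status:<8} {store}/{alias}  {when:%Y-%m-%d}")
```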

Environment

VMware Cloud Foundation 5.x

Cause

 The vCenter's Machine SSL certificate has expired.

Resolution

  1. Take powered-off snapshots of all vCenters in Linked Mode.
  2. Use the vCert script to renew the vCenter's Machine SSL certificate with a VMCA certificate.
  3. Log in to the SDDC Manager UI and refresh the page.