Error: failed to verify certificate: x509: certificate signed by unknown authority

Article ID: 399367

Updated On:

Products

VMware vSAN

Issue/Introduction

  • The vSAN Snapshot Service (snapservice) appliance’s Docker container repeatedly fails to initialize and is caught in a restart loop.
  • The following error appears in /var/log/vmware/snapservice/snap-service.log:
    Failed to initialize VC client","error":"Post \"https://vCenter.example.com/sdk\": tls: failed to verify certificate: x509: certificate signed by unknown authority.

Environment

8.0

Cause

The snapservice container does not trust the vCenter Server’s SSL certificate chain because the necessary root and intermediate CA certificates are missing from its internal trusted store. When the container tries to establish an HTTPS connection to vCenter, it cannot validate the server’s certificate chain. The resulting TLS failure causes the service process to exit, which in turn triggers the Docker restart policy.

Resolution

  1. Download the vCenter certificate bundle:
    curl -k -O https://<vCenter_FQDN>/certs/download.zip
    unzip download.zip 'certs/lin/*.0'
  2. Copy all .0 files from the certs/lin folder into the snapservice trust directory:
    cp certs/lin/*.0 /etc/ssl/certs/snapservice/
  3. Update ownership to snapservice for these files:
    chown snapservice:snapservice /etc/ssl/certs/snapservice/*.0
  4. The snapshot container will pick up the certs on the next automatic restart.

  5. Verify the container status.
    docker ps
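
Step 1 fetches the trust anchors with curl -k, so the download itself is unauthenticated. The following check is an added example, not part of the original article: it audits the extracted .0 files and confirms that a saved copy of the vCenter certificate chains to them before they are copied into the trust directory. The function names and the leaf.pem file name are assumptions for illustration, and it assumes openssl is available where it runs.

```sh
#!/bin/sh
# Added example, not from the KB article. Function names are hypothetical.

# audit_ca_file FILE: print the values to compare against a trusted source and
# return 0 only for a readable, unexpired certificate marked CA:TRUE.
audit_ca_file() {
    if ! openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256; then
        echo "REJECT $1: not a readable X.509 certificate" >&2; return 1
    fi
    if ! openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo "REJECT $1: basicConstraints is not CA:TRUE" >&2; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "REJECT $1: certificate has expired" >&2; return 1
    fi
}

# audit_ca_dir DIR: audit every *.0 file in DIR; fail if any file is rejected
# or if DIR holds no *.0 files at all.
audit_ca_dir() {
    acd_seen=0 acd_bad=0
    for acd_f in "$1"/*.0; do
        [ -f "$acd_f" ] || continue
        acd_seen=$((acd_seen + 1))
        audit_ca_file "$acd_f" || acd_bad=$((acd_bad + 1))
    done
    echo "audited=$acd_seen rejected=$acd_bad"
    [ "$acd_seen" -gt 0 ] && [ "$acd_bad" -eq 0 ]
}

# chain_ok DIR LEAF_PEM: true if LEAF_PEM validates with the *.0 files in DIR
# as trust anchors (the kind of validation that fails in snap-service.log).
chain_ok() {
    co_bundle=$(mktemp) || return 2
    cat "$1"/*.0 > "$co_bundle" 2>/dev/null || true
    if openssl verify -CAfile "$co_bundle" "$2" >/dev/null 2>&1; then co_rc=0; else co_rc=1; fi
    rm -f "$co_bundle"
    return "$co_rc"
}

# Usage with the article's paths (leaf.pem is a hypothetical file name):
#   audit_ca_dir certs/lin
#   openssl s_client -connect <vCenter_FQDN>:443 </dev/null 2>/dev/null | openssl x509 > leaf.pem
#   chain_ok certs/lin leaf.pem && cp certs/lin/*.0 /etc/ssl/certs/snapservice/
```

Compare the printed SHA-256 fingerprints with those shown for the same CAs in a source you already trust before running the cp step.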