vCenter server update fails with error: "Exception occurred in postInstallHook for B2B-patching"

Article ID: 411993

Products

VMware vCenter Server

Issue/Introduction

  • An attempt to update vCenter Server 8.0 fails during the post-installation phase with the following error message:
    "Exception occurred in postInstallHook for B2B-patching. Please check the logs for more details. Take corrective action and then resume"
  • The update process rolls back. The logs indicate that the vpxd service fails to start because it cannot generate a new data-encipherment certificate.
  • /var/log/vmware/applmgmt/PatchRunner.log

    [YYYY-MM-DDTHH:MM:SS] INFO service_manager Command '[['/bin/service-control', '--start', 'vmware-vpxd']]' has exit-code='1' and stdout: Operation not cancellable. Please wait for it to finish...
    Performing start operation on service vpxd...
    stderr: Error executing start on service vpxd. Details {
        "detail": [
            {
                "id": "install.ciscommon.service.failstart",
                "translatable": "An error occurred while starting service '%(0)s'",
                "args": [
                    "vpxd"
                ],
                "localized": "An error occurred while starting service 'vpxd'"
            }
  • /var/log/vmware/vmon/vmon.log
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             "localized": "An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmca/bin/certool', '--server=<vCenter_FQDN>', '--genCIScert', '--dataencipherment', '--privkey=/etc/vmware-vpx/ssl/tmp-data-encipherment.key', '--cert=/etc/vmware-vpx/ssl/tmp-data-encipherment.crt', '--Name=data-encipherment', '--FQDN=<vCenter_FQDN>']\nStderr: '"
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######         },
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######         {
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             "id": "upgrade.vpxd.cert.create.failed",
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             "translatable": "Failed to create data encipherment cert with hostname/ip %(0)s.",
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             "args": [
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######                 "vCenter_FQDN"
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             ],
    [YYYY-MM-DDTHH:MM:SS] Wa(03)+ host-######             "localized": "Failed to create data encipherment cert with hostname/ip vCenter_FQDN."

Environment

VMware vCenter Server 8.x

Cause

This issue occurs because the vCenter Server Fully Qualified Domain Name (FQDN) was previously changed, but the data-encipherment certificate was never properly updated to reflect the new FQDN.

During the update, the post-installation patch hook attempts to create or renew this certificate using the old, incorrect FQDN, resulting in the failure.
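To confirm this cause from the logs before rolling back, the following added example (not part of the original article and not VMware tooling) scans vmon.log text for the failure signature shown above and reports the FQDN that certool was invoked with, so it can be compared with the appliance's current FQDN. The function name, the sample log lines and the hostnames are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the vmon.log excerpt above.
# Timestamps, host id and hostnames are placeholders, not real values.
SAMPLE_VMON_LOG = r"""
[2025-01-01T10:00:00] Wa(03)+ host-1234             "localized": "An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmca/bin/certool', '--server=old-vc.example.test', '--genCIScert', '--dataencipherment', '--privkey=/etc/vmware-vpx/ssl/tmp-data-encipherment.key', '--cert=/etc/vmware-vpx/ssl/tmp-data-encipherment.crt', '--Name=data-encipherment', '--FQDN=old-vc.example.test']\nStderr: '"
[2025-01-01T10:00:01] Wa(03)+ host-1234             "id": "upgrade.vpxd.cert.create.failed",
"""

FAIL_ID = "upgrade.vpxd.cert.create.failed"            # message id from the article
TIMESTAMP = re.compile(r"^\[([^\]]+)\]")               # leading [timestamp] of a log line
CERTOOL_ARG = re.compile(r"'--(server|FQDN)=([^']*)'")  # quoted certool arguments


def triage_vmon_log(log_text, current_fqdn):
    """Hypothetical helper: return details of the data-encipherment
    failure, or None when the signature is not present in log_text."""
    certool_args = {}
    failed_at = None
    for line in log_text.splitlines():
        # Remember the arguments of the last data-encipherment certool call.
        if "certool" in line and "--dataencipherment" in line:
            certool_args = {k.lower(): v for k, v in CERTOOL_ARG.findall(line)}
        # Record when the certificate-creation failure was logged.
        if FAIL_ID in line:
            match = TIMESTAMP.match(line)
            failed_at = match.group(1) if match else "unknown"
    if failed_at is None:
        return None
    used = certool_args.get("fqdn")
    return {
        "signature": FAIL_ID,
        "failed_at": failed_at,
        "fqdn_in_certool": used,
        # Assumption: a name that differs from the current FQDN points to
        # the stale-FQDN cause described above. Hostnames compare
        # case-insensitively.
        "fqdn_mismatch": used is not None and used.lower() != current_fqdn.lower(),
    }


if __name__ == "__main__":
    print(triage_vmon_log(SAMPLE_VMON_LOG, "new-vc.example.test"))
```

On an appliance, pass the contents of /var/log/vmware/vmon/vmon.log and the current FQDN instead of the sample values.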

Resolution

To resolve this issue, renew the data-encipherment certificate by following this procedure:

  1. Roll back the failed update:
    Before attempting the manual certificate renewal, revert the vCenter Server to the state it was in prior to the failed update. You can use the rollback feature of the update tool or revert the VM to a snapshot taken before the update process began.
  2. Take a new snapshot for vCenter Server:
    Refer to Snapshot Best practices for vCenter Server Virtual Machines.
  3. Regenerate the Certificate:
    Regenerate the data-encipherment certificate (see Replacing an expired data-encipherment certificate on vCenter Server).
  4. Retry the Update:
    With the data-encipherment certificate correctly renewed, attempt the vCenter update again. The update process should now complete successfully.

Additional Information

The Data Encipherment certificate can also be replaced using the vCert Utility.

vCert - Scripted vCenter Expired Certificate Replacement