Unable to connect ESX host to vCenter after rebuild of host - Cannot synchronize host / Disconnected from host. Reason: Cannot verify the SSL trust

Article ID: 413751


Products

VMware vSphere ESXi

Issue/Introduction

An SSL error is presented in the vCenter Server UI when attempting to reconnect an ESX host after rebuilding the host.

  • The vCenter has been checked to confirm there are no Solution User certificate issues or VECS permission issues per KB392130.
  • "Adding host" task is stuck at 80%.
  • The ESX host is operating normally.
  • The ESX host client is accessible.
  • The ESX host certificate does not include the current hostname as part of the Subject Alternative Name.

Environment

vCenter Server 8.0

ESX 8.0

Cause

This issue is due to an incorrect SAN hostname within the current ESX certificate.

Resolution

1. Validate the ESX hostname

# hostname
esx1.fake.domain

2. Back up the current rui.crt and rui.key files for the ESX host. They are located in the "/etc/vmware/ssl" folder. Adjust the name of the datastore and folder in the command below accordingly:

cp /etc/vmware/ssl/rui.* /vmfs/volumes/datastore-name/backup-folder

3. Re-create the local host certificates using the following command: 

# /sbin/generate-certificates

4. Reboot the host. 

# reboot

Upon reboot, the host certificate should now reflect the ESX FQDN in the SAN.

5. From the vCenter UI, attempt to reconnect the ESX host.
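
One way to confirm the SAN condition described above, before and after regenerating the certificate. This is an added example, not part of the original article or VMware's own tooling; it assumes OpenSSL 1.1.1 or later on the host (for the `-ext` option), and the function names and the sample SAN text are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a certificate's SAN list the host's current name?
# Assumes OpenSSL 1.1.1+ (for `x509 -ext`); function names are illustrative.

# Constructed sample: SAN text as printed by openssl for a certificate that
# still carries a pre-rebuild name (esx-old.fake.domain is made up).
STALE_SAN='X509v3 Subject Alternative Name:
    DNS:esx-old.fake.domain, IP Address:192.0.2.10'

# Read SAN text on stdin; print each DNS entry, lower-cased, one per line.
san_dns_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# Exit 0 only if the SAN text on stdin has a DNS entry equal to $1
# (exact, case-insensitive). Wildcard entries are not expanded.
san_has_host() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    san_dns_names | grep -Fxq -- "$want"
}

# check_cert CERT [HOSTNAME]: HOSTNAME defaults to the output of `hostname`.
check_cert() {
    host=${2:-$(hostname)}
    if openssl x509 -in "$1" -noout -ext subjectAltName |
        san_has_host "$host"; then
        echo "OK: $host is in the SAN of $1"
    else
        echo "MISMATCH: $host is not in the SAN of $1"
        return 1
    fi
}

# Offline demo on the constructed sample.
printf '%s\n' "$STALE_SAN" | san_has_host esx1.fake.domain ||
    echo "sample: esx1.fake.domain is missing from the SAN"

# On the host itself: check the live certificate (path from the article).
CERT=/etc/vmware/ssl/rui.crt
if [ -r "$CERT" ]; then check_cert "$CERT" || true; fi
```

Run it before step 3 and again after the reboot in step 4; the second run should report OK for the name returned by `hostname`.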