Standalone ESXi host upgrade fails due to Custom Certificate using weak signature SHA-1

Article ID: 416278

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • When attempting to upgrade a standalone ESXi host from 7.x to the latest 8.0 version, the upgrade may fail with an error like the following:

"Hardware precheck of profile 8.0XXXXXXX failed with errors: <SHA1_CERT ERROR: SHA-1 signature found in host certificate castore.pem with subject  /C=BE/O=####################/CN=###########################. Support for certificates with weak signature algorithm SHA-1 has been removed in ESXi 8.0. To proceed with upgrade, replace it with a SHA-2 signature based certificate. Refer to release notes and KB 89424 for more details.>"

  • A custom certificate may be in use on the ESXi host.

Environment

vSphere ESXi 7.0 

vSphere ESXi 8.0 

Cause

The current certificate is signed with the weak signature algorithm SHA-1, which is not supported on ESXi 8.0 and above.

Resolution

Follow the steps in the following KB article to remove the current certificate and regenerate a self-signed certificate, which will carry a SHA-2 signature: "Error: 503 Service Unavailable" unable to access ESXi host client or add host to vCenter after host certificate update

Once this is completed, re-attempt the ESXi host upgrade.