When upgrading NSX from SDDC Manager, Pre-check errors are encountered regarding certificate expiration on NSX
Article ID: 418425
Updated On:
Products
Issue/Introduction
During the process of upgrading VCF within the management domain NSX upgrade, all other components have been upgraded but management cluster failed at step: "NSX UPGRADE STAGE MANAGER PRECHECK".
See screenshot below:
Further detail on this failure we can see that the error was the result of an expired NSX certificate.
See screenshot below:
"The certificate with ID #############-####-####-####-############ failed validation: The certificate has expired. Please delete or replace this certificate prior to upgrading"
Environment
- VMware NSX
Cause
NSX Manager has expired certificates that must be replaced to complete the upgrade
Resolution
- Consult this KB to check for expired NSX certificates: NSX upgrade pre-check warning: "The certificate with ID ### failed validation. The certificate has expired. Please delete or replace this certificate prior to upgrading."
- Once all expired certificates are replaced then you can proceed to re-run the pre-checks in SDDC manager.
Note: It may take up to 5 minutes for the upgrade to start to show progression.
Additional Information
Follow this KB if only the LOCAL MANAGER certificate is expired: Replacing local manager certificate in a non federated VMware NSX-T environment
If multiple certificates are expired than follow this KB to script the replacement of all expired certificates. Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX
Feedback
