Failed to load installed certificate(s). Something went wrong. Please retry or contact the service provider and provide the reference token.
search cancel

Failed to load installed certificate(s). Something went wrong. Please retry or contact the service provider and provide the reference token.

book

Article ID: 425271

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • The Certificates tab fails to load for Management or VI Workload Domains within the SDDC Manager UI and VCF Operations UI.

  • /var/log/vmware/vcf/operationsmanager/operationsmanager.log, indicates a failure during the certificate validation process specifically when checking the autoRenew configuration status for the NSX ALB component.

yyyy-mm-hhThh:mm:ss DEBUG [vcf_om,] [c.v.v.c.c.util.NDCComplianceChecker,om-exec-24] Checking autoRenew status for {"version":"","hostName":"avi_loadBalancer_FQDN","id":"####-####-####","vmName":"","resourceType":"nsx_alb","credentials":[],"sans":[null,"avi_loadBalancer_FQDN"],"master":true}, with caType 

yyyy-mm-hhThh:mm:ss  DEBUG [vcf_om] [c.v.v.c.c.util.NDCComplianceChecker,http-nio-127.0.0.1-7300-exec-4] Auto Renew configuration for domain ####-####-#### is ENABLED
yyyy-mm-hhThh:mm:ss  DEBUG [vcf_om] [c.v.v.c.c.util.NDCComplianceChecker,http-nio-127.0.0.1-7300-exec-4] Domain auto-renew configuration enabled. Checking CA type and NDC Support.
yyyy-mm-hhThh:mm:ss ERROR [vcf_om] [c.v.v.c.r.a.c.v.CertificateManagementController,http-nio-127.0.0.1-7300-exec-4] Failed to get cached certificate summary of all the resources in a domain java.lang.NumberFormatException: For input string: ""
com.vmware.vcf.certmgmt.common.exception.CertificateManagementException: Failed to fetch expiry details for the certificates.

Caused by: java.lang.NumberFormatException: For input string: ""
        at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:67)
        at java.base/java.lang.Long.parseLong(Long.java:721)
        at java.base/java.lang.Long.parseLong(Long.java:836)
        at com.vmware.evo.sddc.common.util.VersionComparator.compareIntString(VersionComparator.java:56)
        at com.vmware.evo.sddc.common.util.VersionComparator.compare(VersionComparator.java:36)
        at com.vmware.vcf.certmgmt.common.util.NDCComplianceChecker.isVersionGreaterOrEqual(NDCComplianceChecker.java:73)
        at com.vmware.vcf.certmgmt.common.util.NDCComplianceChecker.isNDCCompliant(NDCComplianceChecker.java:60)
        at com.vmware.vcf.certmgmt.common.util.NDCComplianceChecker.getAutoRenewStatus(NDCComplianceChecker.java:107)
        at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.fillAutoRenewStatus(CertificateOperationsFacadeImpl.java:684)
        at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.fillAutoRenew(CertificateOperationsFacadeImpl.java:640)
        at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.getCachedCertificatesForDomain(CertificateOperationsFacadeImpl.java:400)
        ... 164 common frames omitted
yyyy-mm-hhThh:mm:ss  DEBUG [vcf_om] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-4] Processing localizable exception Failed to fetch expiry details for the certificates.
yyyy-mm-hhThh:mm:ss  ERROR [vcf_om] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-4] [68ES19] CERTIFICATE_EXPIRY_FETCH_FAILED Failed to fetch expiry details for the certificates.

  • This issue is isolated to domains where VMware NSX Advanced Load Balancer (NSX ALB) is deployed. Domains without NSX ALB installed are unaffected and load the certificate page successfully.

Environment

VCF 9.0.0
VCF 9.0.1

Cause

  • The issue is triggered when Certificate Auto-renewal is enabled in VCF Operations.

  • During the certificate auto-renew status check the version of ALB returns as null or empty value. Hence, the compliance check fails, resulting in a failure to fetch the certificates for that domain.

Resolution

This is a know issue in 9.0.0 and 9.0.1. Integration between NSX ALB and VCF Operations for certificate management is currently not supported in VCF 9.0.

This is resolved in the upcoming patch - VCF 9.0.2.

Workaround:

As a workaround, disable the auto renew option from VCF Ops.

  1. Log in to the VCF Operations console using an account with Administrator privileges.
  2. Expand Fleet Management > Certificates.
  3. Navigate to VCF Management > VCF Instances and click on the VCF domain.
  4. Use the Activate Auto-renewal toggle to disable auto-renewal.



  5. Review the information and click Confirm.
  6. Return to the SDDC Manager / VCF Operations UI and reload the page. The certificate information should now be visible and accessible.

Note: After applying the VCF 9.0.2 Patch, you may safely re-enable the Auto-renewal option to resume automated certificate management for that domain.

Additional Information

Set Up Automatic Renewal of Certificates in VMware Cloud Foundation -  https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/fleet-management/certificate-management-9-0/set-up-automatic-renewal-of-certificates-in-vmware-cloud-foundation.html 

Automatic Certificate Renewal in VMware Cloud Foundation 9.0 -  https://blogs.vmware.com/cloud-foundation/2025/06/19/automatic-certificate-renewal-in-vcf-9/ 

Powered by Wolken Software