Alarm of Certificate for Transport Node <Node-id> is approaching expiration on NSX GUI for standalone ESXi hosts


Article ID: 425496


Products

VMware NSX

Issue/Introduction

The alarm "Certificate for Transport Node is approaching expiration" is seen on the NSX GUI for a standalone transport node.

The customer executed the CARR script from KB 369034, which cleared the alarms on the transport nodes in the cluster, but the alarm on the standalone host remained.

Environment

4.2.3.1

Cause

The CARR script modified the certificates on the transport nodes present in the cluster, but it may not have updated the certificate of the standalone ESXi host.

The certificate file (host-cert.pem in /etc/vmware/nsx) still contained the old certificate.

Resolution

When the alarm "Certificate for Transport node expiration approaching" is seen for standalone ESXi hosts, perform the following actions:

  1. Check the validity of "host-cert.pem" on the host, in the folder /etc/vmware/nsx/, using the command >> openssl x509 -in host-cert.pem -noout -text
  2. If the certificate is approaching expiry, generate a new self-signed certificate by following KB 345823.
  3. Update the newly generated self-signed certificate on the host following the procedure in KB https://knowledge.broadcom.com/external/article/345823/
  4. Check the validity of the new host-cert on the ESXi host, in the folder /etc/vmware/nsx/, using the command >> openssl x509 -in host-cert.pem -noout -text
  5. Push the certificate to the NSX Manager using the command >> nsxcli -c push host-certificate <Manager hostname-or-IP> username admin thumbprint <thumbprint of NSX manager>
  6. To get the NSX Manager thumbprint, run this command on the NSX Manager >> get certificate api thumbprint
  7. Once the certificate has been pushed to the NSX Manager, the alarm should be resolved for the affected transport node on the NSX GUI.
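
The validity check from steps 1 and 4 as a script, added here as an example and not part of the KB: it uses openssl's -checkend option to classify the certificate file as ok, expiring, expired or unreadable instead of reading the dates out of the -text dump. The 30-day threshold, the function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the KB): classify a host certificate by the
# validity it has left. The 30-day default threshold is an assumption.
# Usage on the host (script name is hypothetical):
#   sh cert_check.sh /etc/vmware/nsx/host-cert.pem 30

# cert_status PEM [DAYS] -> prints: unreadable | expired | expiring | ok
cert_status() {
    pem=$1
    days=${2:-30}
    # A missing file or a file that is not a PEM certificate is reported
    # as its own state so it is never mistaken for a healthy certificate.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
        return 0
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# cert_report PEM [DAYS] -> status line followed by subject and validity dates
cert_report() {
    status=$(cert_status "$1" "${2:-30}")
    echo "$1: $status"
    if [ "$status" != unreadable ]; then
        openssl x509 -in "$1" -noout -subject -startdate -enddate
    fi
}

# Only act when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    cert_report "$@"
fi
```

Running it before step 2 and again after step 3 shows whether host-cert.pem was actually replaced: the status should move from expiring (or expired) to ok before the certificate is pushed in step 5.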