• An error occurs during the certificate renewal process: “Failed to replace certificate for [SDDC Manager FQDN]”.
• In vcf-commonsvcs.log, you can see logs indicating that name resolution for the SDDC Manager is failing.

YYYY-MM-DDTHH:MM:SS.ZZZ+XXXX ERROR [common,[opid],0eba] [c.v.e.s.a.u.utils.DnsResolutionUtils,http-nio-127.0.0.1-7100-exec-140] Unknown host exception caught while trying to resolve dns name [SDDC Manager FQDN]
java.net.UnknownHostException: <[SDDC Manager FQDN]> could not be resolved: network error
        at org.xbill.DNS.Address.lookupHostName(Address.java:119)
        at org.xbill.DNS.Address.getAllByName(Address.java:175)
        at com.vmware.evo.sddc.appliance.utilities.utils.DnsResolutionUtils.resolveDnsNameToIpAddress(DnsResolutionUtils.java:33)
        at com.vmware.evo.sddc.appliance.utilities.utils.SslCertValidator.checkIfDnsNameResolvesToIp(SslCertValidator.java:327)
        at com.vmware.evo.sddc.appliance.utilities.utils.SslCertValidator.validateCNAndSANDnsName(SslCertValidator.java:284)

• However, when running the dig command from the SDDC Manager, name resolution succeeds:
  dig @[DNS server] [SDDC Manager FQDN]

SDDC Manager 9.x

Name resolution is failing only on the Java service side.

Reboot the SDDC Manager.