In an offline VCF 9 environment, adding the UMDS shared repository in vCenter fails with the error "The download source https://<TBD> is invalid or cannot be reached now".
On the SDDC side, the following error is shown:
Name Downloading Esx metadata, vibs and vendor add-ons
Type UMDS_SYNC
Status FAILED
Error Message: Failed to execute UMDS command: /opt/vmware/vmware-umds/bin/vmware-umds -D -m -info-level error --cdb-url https://<FQDN>:443/umds-patch-store/hostupdate/_hostupdate20-consolidated-index_xml id 81b539c9-8209-4372-b54a-ae9952b676a2
Remediation Message:
Reference Token:
Logs on the SDDC side state the following:
less -i /var/log/vmware/vcf/lcm/lcm-debug.log
LocalProcess INFO: <DATE> HH:MM:SS - --> backtrace[11] libc.so.6[0x0010916C]
LocalProcess INFO: <DATE> HH:MM:SS - --> backtrace[12] (no module)
LocalProcess INFO: <DATE> HH:MM:SS - --> [backtrace end]
LocalProcess INFO: <DATE> HH:MM:SS - <DATE>THH:MM:SS error vmware-downloadService[2016219] [Originator@6876 sub=DownloadMgr] [downloadMgr 709] Executing download job {140532672113472} throws error: curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: self-signed certificate in certificate chain
LocalProcess INFO: <DATE>THH:MM:SS - <DATE>THH:MM:SS error vmware-downloadService[2016227] [Originator@6876 sub=Default] [updateDownloaderImpl 116] File download error: curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: self-signed certificate in certificate chain
LocalProcess INFO: <DATE>THH:MM:SS - <DATE>THH:MM:SS error vmware-downloadService[2016227] [Originator@6876 sub=Default] [updateDownloaderImpl 245] failed to download vendor index file: https://<UMDS FQDN>:443/umds-patch-store/hostupdate/__hostupdate20-consolidated-index__.xml
LocalProcess INFO: <DATE>THH:MM:SS - <DATE>THH:MM:SS error vmware-downloadService[2016227] [Originator@6876 sub=Default] [hostUpdate20Downloader 205] There was an error downloading from : https://<UMDS FQDN>:443/umds-patch-store/hostupdate/__hostupdate20-consolidated-index__.xml
VCF 9.X
As the logs state, the certificate is wrong, untrusted, wrongly formatted, etc.
As per KB https://knowledge.broadcom.com/external/article/316601/replace-vcenter-machine-ssl-certificate.html, the following certificate format is expected:
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Leaf/ server Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Intermediate Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Root Certificate
-----END CERTIFICATE-----
Verify the certificate chain on the UMDS, either from SDDC or VCSA:
# echo | openssl s_client -showcerts -connect <UMDS_FQDN>:443 </dev/null 2>/dev/null | sed -n '/^-----BEGIN CERT/,/^-----END CERT/p'
Make sure the output is in this format:
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Leaf/ server Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Intermediate Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<alphanumeric certificate characters> <----- Root Certificate
-----END CERTIFICATE-----
Correct accordingly