Auto-renewal of the vCenter Machine SSL certificate does not work even when the expiry date is less than 5 days away.

Article ID: 437135

Products

VMware vCenter Server

Issue/Introduction

  • Machine SSL certificate auto-renewal is not triggered in vCenter Server 8.0 Update 3h or later environments, even when the expiration date is less than 5 days away.

  • The related advanced settings are set correctly, as follows:

    vpxd.certmgmt.certs.autoRenewEnabled : true
    vpxd.certmgmt.mode : vmca

  • The following line appears in the vCenter log file:
    Log file: /var/log/vmware/certificatemanagement/certificatemanagement-expiry.log
    [DATE/TIME] [vecsExpiryCheckScheduler-1 [] INFO  com.vmware.certificatemanagement.expiry.VecsCertAutoRenewer  opId=] Skipped auto-renewal of Machine SSL certificate since VCHA is enabled.
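One way to confirm this condition from the appliance shell, as an added example that is not VMware's code: the function scans the log file named above for the skip message and reports how often it was logged, with the first and last timestamps. The function name vcha_skip_summary is hypothetical, and the sample lines and their timestamp format are constructed for the demonstration.

```bash
#!/bin/sh
# Added example: detect the VCHA auto-renewal skip message from this article.
# Default path is the log file named in the article.
LOG_DEFAULT=/var/log/vmware/certificatemanagement/certificatemanagement-expiry.log
SKIP_MSG='Skipped auto-renewal of Machine SSL certificate since VCHA is enabled'

# Prints "count|first_ts|last_ts" for matching lines.
# Returns 0 if the skip message was found, 1 if not, 2 if the log is unreadable.
vcha_skip_summary() {
    log=${1:-$LOG_DEFAULT}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    awk -v msg="$SKIP_MSG" '
        index($0, "VecsCertAutoRenewer") && index($0, msg) {
            # Timestamp = text inside the first [...] pair, treated as opaque
            ts = $0
            sub(/^[^[]*\[/, "", ts)
            sub(/\].*$/, "", ts)
            if (n == 0) first = ts
            last = ts
            n++
        }
        END { printf "%d|%s|%s\n", n, first, last; exit (n > 0 ? 0 : 1) }
    ' "$log"
}

# Constructed sample log (timestamps and the second line are made up).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[2025-01-10T02:00:00] [vecsExpiryCheckScheduler-1 [] INFO  com.vmware.certificatemanagement.expiry.VecsCertAutoRenewer  opId=] Skipped auto-renewal of Machine SSL certificate since VCHA is enabled.
[2025-01-10T02:00:01] [vecsExpiryCheckScheduler-1 [] INFO  constructed.OtherLogger  opId=] Unrelated constructed line.
[2025-01-11T02:00:00] [vecsExpiryCheckScheduler-1 [] INFO  com.vmware.certificatemanagement.expiry.VecsCertAutoRenewer  opId=] Skipped auto-renewal of Machine SSL certificate since VCHA is enabled.
EOF

if summary=$(vcha_skip_summary "$SAMPLE"); then
    echo "Auto-renewal is being skipped because of VCHA (count|first|last): $summary"
    echo "Plan a manual Machine SSL renewal before the certificate expires."
else
    echo "No VCHA skip message found."
fi
```

On a vCenter appliance, call vcha_skip_summary with no argument to read the default log path.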

Environment

vCenter 8.0U3h and above
vCenter HA configured.

Cause

This behavior is working as designed and serves as an architectural protection mechanism for vCenter Server.

The Machine SSL certificate auto-renewal feature, introduced in vCenter 8.0 U3h, is designed for Standalone node environments.

The auto-renewal function is not supported in vCenter HA environments.

Resolution

Non-disruptive automated certificate renewal is not supported within vCHA environments.

Administrators need to perform the manual renewal procedure after destroying vCenter HA.