Aria Operations for Logs agent fails to forward logs after server certificate replacement

Article ID: 441167


Products

VMware vRealize Log Insight 8.x

Issue/Introduction

  • Logs sent from the Aria Operations for Logs agents are no longer being received by the Aria Operations for Logs (formerly vRealize Log Insight / vRLI) server.
  • This issue occurs immediately after the certificate on the Aria Operations for Logs server has been replaced or regenerated.
  • The following error messages are visible in the agent log file liagent_<time_stamp>.log:

    SyslogConnectio:260| Connecting to <VRLI_FQDN> : <port number>
    SSLVerifyContex:257| Rejecting peer self signed certificate received from '<VRLI_FQDN>'. Public key doesn't match previously stored certificate's key.
    SSLVerifyContex:259| If you are using load balancing on the server side, make sure all nodes of the cluster use the same certificate. Please, refer the documentation topic: "Operations for Logs Agents Reject Self-signed Certificate"
    AsyncSocket:88     | SSL fatal alert: unknown CA
    SyslogConnectio:288| Connection error. certificate verify failed (SSL routines)

Environment

Aria Operations for Logs 8.18.x

Cause

When the Aria Operations for Logs server uses a self-signed certificate (or when its certificate changes unexpectedly), the agent pins the server's identity by caching the public key of the first certificate it receives. After the server certificate is regenerated or replaced, the agent detects that the new certificate's public key does not match the locally stored key and drops the connection, because an unexpected key change is indistinguishable from a Man-in-the-Middle (MitM) attack.

Resolution

To resolve this issue, you must clear the agent's cached certificate so it can accept the new one:

  1. Log in to the host machine where the agent is installed.
  2. Locate and delete the old certificate file that the agent cached locally. On Windows it is stored by default at C:\ProgramData\VMware\Log Insight Agent\cert.
  3. Restart the Aria Operations for Logs agent service to trigger a fresh certificate fetch and handshake.
  4. Verify the agent status and data ingestion in the Aria Operations for Logs UI.
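The following PowerShell script is an added example that is not part of this article or of the product; it carries out steps 1 to 4 on a Windows agent host and checks the agent log before and after the fix. The certificate path and the log message come from this article; the log directory (C:\ProgramData\VMware\Log Insight Agent\log), the service display-name pattern, and the 30-second settle time are assumptions to adjust for your installation.

```powershell
# Added example (not from the KB article): recover a Windows-hosted Aria Operations for Logs
# agent after the server certificate was replaced, and confirm the rejection message is gone.
# Assumed (not stated in the article): $LogDir, $ServiceHint and the settle time below.

$CertPath    = 'C:\ProgramData\VMware\Log Insight Agent\cert'   # from the article
$LogDir      = 'C:\ProgramData\VMware\Log Insight Agent\log'    # assumed location of liagent_*.log
$ServiceHint = '*Log Insight Agent*'                             # assumed display-name pattern
$Marker      = "Public key doesn't match previously stored certificate's key"  # from the article's log excerpt

function Get-LatestAgentLog {
    # The agent writes liagent_<time_stamp>.log; the newest file is the live one.
    Get-ChildItem -Path $LogDir -Filter 'liagent_*.log' -ErrorAction Stop |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
}

function Test-CertMismatch {
    param([Parameter(Mandatory)] $LogFile, [int] $TailLines = 200)
    # Only the recent tail matters: a rejection that was followed by a successful
    # reconnect is history, not a current fault.
    $tail = Get-Content -Path $LogFile.FullName -Tail $TailLines
    [bool] ($tail | Where-Object { $_ -like "*$Marker*" })
}

# Step 1/2: confirm the symptom before touching anything on the host.
$log = Get-LatestAgentLog
if (-not (Test-CertMismatch -LogFile $log)) {
    Write-Host "No certificate-mismatch rejection in $($log.Name); nothing to do."
    return
}

$svc = Get-Service -DisplayName $ServiceHint | Select-Object -First 1
if (-not $svc) { throw "No service found with display name like '$ServiceHint'" }
Stop-Service -Name $svc.Name -Force

# Step 2: back up, then remove, the cached server certificate. $CertPath may be a
# single file or a directory of files depending on the agent build, so handle both.
$backup = Join-Path $env:TEMP ("liagent-cert-backup-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $backup | Out-Null
$items = if ((Get-Item $CertPath).PSIsContainer) { Get-ChildItem -Path $CertPath -File } else { Get-Item $CertPath }
foreach ($item in $items) {
    Copy-Item -Path $item.FullName -Destination $backup
    Remove-Item -Path $item.FullName
}
Write-Host "Cached certificate(s) moved to $backup"

# Step 3: restart the agent so it fetches the new server certificate on a fresh handshake.
Start-Service -Name $svc.Name
Start-Sleep -Seconds 30   # assumed settle time for the agent to reconnect and log the result

# Step 4: the rejection marker must not reappear in the fresh log tail.
$log = Get-LatestAgentLog
if (Test-CertMismatch -LogFile $log -TailLines 50) {
    Write-Warning "Agent still rejects the server certificate; check that every cluster node behind the load balancer presents the same certificate."
} else {
    Write-Host "Agent reconnected; confirm ingestion for this host in the Aria Operations for Logs UI."
}
```

Run it from an elevated PowerShell session on the agent host. The backup copy lets you compare the old and new public keys afterwards, which is useful evidence if the certificate change was not planned.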

Additional Information

The following document describes the same issue and can be used as a reference: VMware Aria Operations for Logs Agents Reject Self-Signed Certificates.

To replace the certificate on the Aria Operations for Logs server, refer to: Install a self-signed certificate in VMware Aria Operations for Logs 8.12 and Later.