Upgrade from opsman 3.1.9 to 3.1.10 the director upgrade fails with the vsphere cpi (update from 97.0.20 to 97.0.21) with the following error:

Deploying:

Creating instance 'bosh/0':
Creating VM:
Creating vm with stemcell cid 'sc-ID':
CPI 'create_vm' method responded with error: CmdError{"type":"Unknown","message":"SSL_connect returned=1 errno=0 peeraddr=10.xx.xx.xx:443 state=error: certificate verify failed (unable to get local issuer certificate)","ok_to_retry":false}
Exit code 1
===== 2026-04-24 09:25:00 UTC Finished "/usr/local/bin/bosh --no-color --non-interactive --tty create-env /var/tempest/workspaces/default/deployments/bosh.yml -l /var/tempest/workspaces/default/deployments/vars.yml --package-dir /var/vcap/packages"; Duration: 64s; Exit Status: 1

Ops-Manager 3.1.10

Comes with vSphere CPI 97.0.21

Problem was discovered with the CPI version where in situation vcenter certificate is present the CPI perfroms a check that fails certificate validation.

If no Certificate is present in the Bosh tile -> vCenter Config -> vCenter CA Certificate the deployment completes. however applying valid Ca certificate would cause a failure with error from above

There is a new release https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-1/tanzu-ops-manager/release-notes.html#-v3.1.11

with vSphere CPI version reverted:

vSphere CPI    97.0.20*