1. 故障描述
vSphere Client 版本 7.0.2.00200
vCenter _MACHINE_CERT快到期了,通过web界面更新证书失败
第一步先这样,重新续订一下证书
续订发生错误
2. 解决办法
2.1. 前提工作
登陆ssh到vcenter,重新生成证书
先关掉HA,不然证书管理会报错。
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"
Command> shell
Shell access is granted to root
root@localhost [ ~ ]# cd /usr/lib/vmware-vmca/bin/
root@localhost [ /usr/lib/vmware-vmca/bin ]# /usr/lib/vmware-vmca/bin/certificate-manager
Certificate Manager tool do not support vCenter HA systems
PSSSSSSSS:记得vCenter做备份,做快照
2.2. 生成计算机ssl证书
生成证书,选择第三个(PS,如果没有域名的,一定要写IP,不然很容易卡在85%,服务不能起来)
root@localhost [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.8 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 3
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y
Press Enter key to skip optional parameters or use Previous value.
Enter proper value for 'Country' [Previous value : CN] :
Enter proper value for 'Name' [Previous value : CA] :
Enter proper value for 'Organization' [Previous value : VMware] :
Enter proper value for 'OrgUnit' [Previous value : VMware Engineering] :
Enter proper value for 'State' [Previous value : California] : gd
Enter proper value for 'Locality' [Previous value : Palo Alto] : gz
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : XX.XX.XX.XX
Enter proper value for 'Email' [Previous value : email@acme.com] : q@qq.cc
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : XX.XX.XX.XX
Enter proper value for VMCA 'Name' :XX.XX.XX.XX
You are going to regenerate Machine SSL cert using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameompleted [Replacing Machine SSL Cert...]
default-first-site
Lookup all services
Get service default-first-site:721f0c08-f5fe-4233-aca8-adb8de27427b
Update service default-first-site:721f0c08-f5fe-4233-aca8-adb8de27427b; spec: /tmp/svcspec_nmq8ssku
Get service default-first-site:a8fa2cf1-a539-4327-aa48-c33761a538a4
Update service default-first-site:a8fa2cf1-a539-4327-aa48-c33761a538a4; spec: /tmp/svcspec_o_gl7c_2
Get service default-first-site:204a2a4e-223e-46d6-93e2-fec0c90393c4
Update service default-first-site:204a2a4e-223e-46d6-93e2-fec0c90393c4; spec: /tmp/svcspec__2p8luju
Get service 79e91659-12a1-427b-92e5-11f1cbc2c150
Update service 79e91659-12a1-427b-92e5-11f1cbc2c150; spec: /tmp/svcspec_8zwpgcef
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vrops
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vrops
Get service 0cb00c88-bb60-478c-9737-802019c5708a
Update service 0cb00c88-bb60-478c-9737-802019c5708a; spec: /tmp/svcspec_k5szxjgs
Get service 1ee5c2aa-fde0-489a-8f95-f701f84b44c9
Update service 1ee5c2aa-fde0-489a-8f95-f701f84b44c9; spec: /tmp/svcspec_sdbbikhr
Get service 5f15b57d-8269-47d4-88af-c9aab1fd223d
Update service 5f15b57d-8269-47d4-88af-c9aab1fd223d; spec: /tmp/svcspec_mwgz82tz
Get service 56e494d3-f758-461a-8337-e309d1e2d0b4
Update service 56e494d3-f758-461a-8337-e309d1e2d0b4; spec: /tmp/svcspec_b6fwtzz6
Get service d3426061-6261-456f-b5b2-e70d3e56c69e
Update service d3426061-6261-456f-b5b2-e70d3e56c69e; spec: /tmp/svcspec_o08ocymw
Get service 1c5fe660-5abd-453d-9f18-d21ca1a615b9
Update service 1c5fe660-5abd-453d-9f18-d21ca1a615b9; spec: /tmp/svcspec_v__tqn34
Get service 8ccf37e5-c01f-491b-88d1-fd67d6377c2f
Update service 8ccf37e5-c01f-491b-88d1-fd67d6377c2f; spec: /tmp/svcspec_yczoj_f9
Get service 4d101d2f-a50f-4ffd-b03a-f3728817b340
Update service 4d101d2f-a50f-4ffd-b03a-f3728817b340; spec: /tmp/svcspec_wyhs5pfy
Get service 761c8d6c-131f-4136-9e0e-4945917a5607
Update service 761c8d6c-131f-4136-9e0e-4945917a5607; spec: /tmp/svcspec_gjkmay7h
Get service ec372f25-38cf-4cd8-ac92-6ebeff0ff85e
Update service ec372f25-38cf-4cd8-ac92-6ebeff0ff85e; spec: /tmp/svcspec_u4c16zhs
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vsphere.client
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vsphere.client
Get service e97549a3-2aa5-4e47-a81b-5b6490837d43
Update service e97549a3-2aa5-4e47-a81b-5b6490837d43; spec: /tmp/svcspec_h26ke7t5
Get service 279f5d2f-f375-41d6-b5d3-8a7e397fb6c8
Update service 279f5d2f-f375-41d6-b5d3-8a7e397fb6c8; spec: /tmp/svcspec_hw2tz45w
Get service 4730664d-0fe7-4e70-b827-bcdf1686d17d
Update service 4730664d-0fe7-4e70-b827-bcdf1686d17d; spec: /tmp/svcspec_mn19ltn_
Get service e64650fc-800d-4855-9b60-bd591562102b
Update service e64650fc-800d-4855-9b60-bd591562102b; spec: /tmp/svcspec_8iz8nl1t
Get service 0c872fd2-b582-4172-8b7e-465f6de28b76
Update service 0c872fd2-b582-4172-8b7e-465f6de28b76; spec: /tmp/svcspec_f3957lva
Get service bf46ae3e-9d26-459a-9703-25000ba81e09
Update service bf46ae3e-9d26-459a-9703-25000ba81e09; spec: /tmp/svcspec_sfje8un0
Get service 430891f7-bb3c-475a-9331-bdb671f1b415
Update service 430891f7-bb3c-475a-9331-bdb671f1b415; spec: /tmp/svcspec_g91d7d9p
Get service 1ee5233a-0737-4b71-b74e-28105ff9361b
Update service 1ee5233a-0737-4b71-b74e-28105ff9361b; spec: /tmp/svcspec_184jc1s2
Get service 6cc99f96-ee9a-406b-9018-2414b837c442_kv
Update service 6cc99f96-ee9a-406b-9018-2414b837c442_kv; spec: /tmp/svcspec_2rjbyjlj
Get service c947d5e0-c832-4b98-9518-c28d5be261c6
Update service c947d5e0-c832-4b98-9518-c28d5be261c6; spec: /tmp/svcspec_d18ux756
Get service cc78a6fe-ee02-414a-a10a-5b9511810c0e
Update service cc78a6fe-ee02-414a-a10a-5b9511810c0e; spec: /tmp/svcspec_nd5ehat0
Get service daaffbbd-5fdb-4aaf-842a-94e4c6948920
Update service daaffbbd-5fdb-4aaf-842a-94e4c6948920; spec: /tmp/svcspec__o82zeym
Get service 206c94d5-8cc7-4646-a93e-389064c64bbe
Update service 206c94d5-8cc7-4646-a93e-389064c64bbe; spec: /tmp/svcspec_oecjimvw
Get service 6cc99f96-ee9a-406b-9018-2414b837c442_authz
Update service 6cc99f96-ee9a-406b-9018-2414b837c442_authz; spec: /tmp/svcspec_du_d2yx4
Get service 26edf5a0-b4e6-41b9-b972-e74c493dab27
Update service 26edf5a0-b4e6-41b9-b972-e74c493dab27; spec: /tmp/svcspec_dc89lu60
Get service 0d85950f-ca7d-4686-aa36-b627ce77fda9
Update service 0d85950f-ca7d-4686-aa36-b627ce77fda9; spec: /tmp/svcspec_igw1rch3
Get service 287c218f-a49f-41fd-b845-1962a1db7b2f
Update service 287c218f-a49f-41fd-b845-1962a1db7b2f; spec: /tmp/svcspec_0fjjjag3
Get service b6332254-0911-4bb1-8461-7e9d7ac18fb2
Update service b6332254-0911-4bb1-8461-7e9d7ac18fb2; spec: /tmp/svcspec_0up89kup
Get service 87899b67-58d6-4d1a-99a1-7a5a47fe8d79
Update service 87899b67-58d6-4d1a-99a1-7a5a47fe8d79; spec: /tmp/svcspec_de6rp33r
Get service 0fbed2c1-0e7e-4fd1-9eaa-78a6af02d788
Update service 0fbed2c1-0e7e-4fd1-9eaa-78a6af02d788; spec: /tmp/svcspec_s5ew895r
Get service 6cc99f96-ee9a-406b-9018-2414b837c442
Update service 6cc99f96-ee9a-406b-9018-2414b837c442; spec: /tmp/svcspec_ue3hi4zt
Get service 79ed9113-fa3f-4f5e-817a-7a11145880c7
Update service 79ed9113-fa3f-4f5e-817a-7a11145880c7; spec: /tmp/svcspec_r0azsaib
Get service 1829b7b8-e755-4db6-9665-439f3f2624d1
Update service 1829b7b8-e755-4db6-9665-439f3f2624d1; spec: /tmp/svcspec_pfbbxyof
Get service 1146b510-76ab-4e88-9a1e-5933b4d64f3e
Update service 1146b510-76ab-4e88-9a1e-5933b4d64f3e; spec: /tmp/svcspec_rncl11rd
Get service 31728e0d-6f78-4da8-93aa-98fb456d5672
Update service 31728e0d-6f78-4da8-93aa-98fb456d5672; spec: /tmp/svcspec_7i1z6ff9
Get service 196f8571-ac23-4a80-882f-aba9deb7989b
Update service 196f8571-ac23-4a80-882f-aba9deb7989b; spec: /tmp/svcspec_jkmbsi93
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vcops
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vcops
Get service bc991693-97a8-4993-949d-d5eb461d4824
Don't update service bc991693-97a8-4993-949d-d5eb461d4824
Get service 1652cda7-3207-431e-9d82-031ceffb42b4
Update service 1652cda7-3207-431e-9d82-031ceffb42b4; spec: /tmp/svcspec_xth2o90b
Get service 659e024f-fa27-4d0a-bcb8-54634aea9679
Update service 659e024f-fa27-4d0a-bcb8-54634aea9679; spec: /tmp/svcspec_5g731icv
Get service b7c2a448-af0e-4d7e-a892-0d307bd9ee9d
Update service b7c2a448-af0e-4d7e-a892-0d307bd9ee9d; spec: /tmp/svcspec_3e61aymd
Updated 43 service(s)
Status : 85% Completed [starting services...]
Status : 100% Completed [All tasks completed successfully]
2.3. 删除旧的证书
# 查看一下现有的证书
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
Not After : May 25 02:23:47 2031 GMT
[*] Store : machine
Alias : machine
Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias : vpxd
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias : hvc
Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias : data-encipherment
Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias : location_password_default
[*] Store : SMS
Alias : sms_self_signed
Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias : wcp
Not After : May 30 02:19:32 2023 GMT
[*] Store : BACKUP_STORE
Alias : bkp___MACHINE_CERT
Not After : May 30 14:23:47 2023 GMT
Alias : bkp_machine
Not After : May 25 02:23:47 2031 GMT
Alias : bkp_vsphere-webclient
Not After : May 25 02:23:47 2031 GMT
Alias : bkp_vpxd
Not After : May 25 02:23:47 2031 GMT
Alias : bkp_vpxd-extension
Not After : May 25 02:23:47 2031 GMT
Alias : bkp_hvc
Not After : May 25 02:23:47 2031 GMT
Alias : bkp_wcp
Not After : May 30 02:19:32 2023 GMT
Alias : __MACHINE_CERT
Not After : May 11 08:21:25 2025 GMT
# 删除证书
root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli store delete --name BACKUP_STORE -y
Successfully deleted store [BACKUP_STORE]
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
Not After : May 25 02:23:47 2031 GMT
[*] Store : machine
Alias : machine
Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias : vpxd
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias : hvc
Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias : data-encipherment
Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias : location_password_default
[*] Store : SMS
Alias : sms_self_signed
Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias : wcp
Not After : May 30 02:19:32 2023 GMT
2.4. 再更新wcp证书
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-543BB100-515E-4FFF-8D88-7D73E4CB8248.html
root@localhost [ /tmp ]# vim certool.cfg
root@localhost [ /tmp ]# cat certool.cfg
#
# Template file for a CSR request
#
# Country is needed and has to be 2 characters
Country = US
Name = CA
Organization = VMware
OrgUnit = VMware Engineering
State = gd
Locality = Palo Alto
IPAddress = 127.0.0.1
Email = email@acme.com
Hostname = xx.xx.xx.xx
root@localhost [ /tmp ]# /usr/lib/vmware-vmca/bin/certool --genkey --privkey=/tmp/wcp.priv --pubkey=/tmp/wcp.pub
Status : Success
root@localhost [ /tmp ]# /usr/lib/vmware-vmca/bin/certool --gencert --privkey=/tmp/wcp.priv --cert /tmp/wcp.crt --Name=wcp --config /tmp/certool.cfg
Using config file : /tmp/certool.cfg
Status : Success
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/dir-cli service list
Enter password for administrator@vsphere.local:
1. machine-4b340ebe-d18a-427a-b130-d92673fd97fd
2. vsphere-webclient-4b340ebe-d18a-427a-b130-d92673fd97fd
3. vpxd-4b340ebe-d18a-427a-b130-d92673fd97fd
4. vpxd-extension-4b340ebe-d18a-427a-b130-d92673fd97fd
5. hvc-4b340ebe-d18a-427a-b130-d92673fd97fd
6. wcp-4b340ebe-d18a-427a-b130-d92673fd97fd
# 停止服务
root@localhost [ /var/log/vmware/vpxd ]# service-control --stop --all
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service observability...
Successfully stopped service observability
Performing stop operation on service vmware-pod...
Successfully stopped service vmware-pod
Performing stop operation on service vmware-vdtc...
Successfully stopped service vmware-vdtc
Performing stop operation on profile: ALL...
Successfully stopped service vmware-vmon
Successfully stopped profile: ALL.
Performing stop operation on service vmcad...
Successfully stopped service vmcad
Performing stop operation on service vmdird...
Successfully stopped service vmdird
Performing stop operation on service vmafdd...
Successfully stopped service vmafdd
Performing stop operation on service lwsmd...
Successfully stopped service lwsmd
# 再启动相关服务
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmafdd
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmafdd...
Successfully started service vmafdd
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmdird
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmdird...
Successfully started service vmdird
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmcad
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmcad...
Successfully started service vmcad
# 更新证书
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/dir-cli service update --name wcp-4b340ebe-d18a-427a-b130-d92673fd97fd --cert /tmp/wcp.crt
Enter password for administrator@vsphere.local:
Service [wcp-4b340ebe-d18a-427a-b130-d92673fd97fd] updated successfully
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store wcp --alias wcp
Warning: This operation will delete entry [wcp] from store [wcp]
Do you wish to continue? Y/N [N]
y
Deleted entry with alias [wcp] in store [wcp] successfully
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry create --store wcp --alias wcp --cert /tmp/wcp.crt --key /tmp/wcp.priv
Entry with alias [wcp] in store [wcp] was created successfully
# 启动服务
root@localhost [ /tmp ]# service-control --start --all
# 查看证书时间更新了
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
Not After : May 25 02:23:47 2031 GMT
[*] Store : machine
Alias : machine
Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias : vpxd
Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias : hvc
Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias : data-encipherment
Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias : location_password_default
[*] Store : SMS
Alias : sms_self_signed
Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias : wcp
Not After : May 11 08:50:55 2025 GMT
3. 参考KB
https://kb.vmware.com/s/article/2112277
https://kb.vmware.com/s/article/2015600lang=zh_CN
https://kb.vmware.com/s/article/2097936lang=zh_cn
https://medium.com/@ITsolutions/vmware-vcenter-certificate-replacement-7d2e7fa3fb89
https://captainvops.com/2022/12/16/vcenter-8-machine-ssl-certificate-management/
https://vninja.net/2022/08/08/expired-vmware-vcenter-7-certificates/
4. 命令
# 开启sftp
chsh -s /bin/bash root
查看CA证书有多少
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
Enter password for administrator@vsphere.local:
Number of certificates: 1
#1:
CN(id): 3AEF9845A3E59122EDCB50C946C7886AFBB3D211
Subject DN: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=localhost, OU=VMware Engineering
CRL present: yes
# 导出CA证书
are-vmafd/bin/dir-cli trustedcert get --id A35412348D33EA5EB11E66EF901A1F8D99B0465 --outcert /tmp/vmca_root.cer
# 查看证书情况
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
Not After : May 25 02:23:47 2031 GMT
5. 报错
5.1. Error Failed to start vmon services.vmon-cli RC=1
When you go to read the “certificate-manager.log”, you see an entry like this:
Error Failed to start vmon services.vmon-cli RC=1
After a lot of searching on the internet, I sum up with this good article which helps me to solve my problem. The procedure is very simple, you just need to change the file permission of /etc/vmware/.buildInfo from 640 back to 444, SSH to your vCenter Server with root user and type following commands:
shell
chmod 444 /etc/vmware/.buildInfo
https://kb.vmware.com/s/article/2150057lang=zh_CN
5.2. 脚本执行之后卡在85%
这里大概率可能是证书里面的FQDN和主机不匹配,又或者是主机解析FQDN有问题。
https://blog.csdn.net/CrossProblems/article/details/135395563