When logging into my lab vCenter the other day, I noticed that one of my lab hosts showed a red “ESXi Host Certificate Status” alarm. The host had been connected to vCenter for 5 years, and therefore the host's certificate had expired.
Luckily, fixing the Host Certificate Status alarm has been quite easy since the vSphere 6.x days. Select the host, go to “Configure > System > Certificate” and use the “Renew” button.
By using the “Renew” option, vCenter generates and applies a new certificate to the host. During the process the host will briefly disconnect from vCenter; in my case for about a second.
As can be seen in the last screenshot, the certificate is renewed and lasts for another 5 years.
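To spot a host certificate that is about to run out before it actually expires, the check below reads the notAfter date of the certificate a host presents on port 443 and classifies it. It is an added example, not part of the original post; the host names, the 90-day warning window and the `ca_file` argument (the CA certificate that issued the host certificates, saved as a PEM file) are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 90              # assumed warning window, chosen for this example
CERT_HAS_EXPIRED = 10       # OpenSSL verify code X509_V_ERR_CERT_HAS_EXPIRED


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Map a notAfter string (ssl.getpeercert() format) to (status, days_left)."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    days = (expiry - now).days          # negative once the certificate has expired
    if days < 0:
        return "EXPIRED", days
    return ("RENEW SOON" if days <= warn_days else "OK"), days


def fetch_not_after(host, ca_file, port=443, timeout=5):
    """Return notAfter of the certificate the host presents, validated against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)   # trust only the given CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def audit_host(host, ca_file):
    """Classify one host; an expired certificate fails the handshake, so map that too."""
    try:
        return classify(fetch_not_after(host, ca_file))
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == CERT_HAS_EXPIRED:
            return "EXPIRED", None
        raise   # untrusted issuer, hostname mismatch, ...: surface it, do not hide it


if __name__ == "__main__":
    # Constructed notAfter values (not taken from a real host), evaluated offline.
    now = datetime(2023, 12, 6, tzinfo=timezone.utc)
    for name, not_after in [("esx01.lab.example", "Dec  1 00:00:00 2023 GMT"),
                            ("esx02.lab.example", "Jan  5 00:00:00 2024 GMT"),
                            ("esx03.lab.example", "Dec  4 00:00:00 2028 GMT")]:
        print(name, *classify(not_after, now))
```

Run `audit_host()` against each host on a schedule; any verification error other than expiry is re-raised on purpose so a wrong issuer or host name is not mistaken for a healthy certificate.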
Back in the days
In the vSphere 5.x and earlier days, the certificates could be generated in two ways:
- Disconnect the host from vCenter and re-connect
- On the (SSH) console of the ESXi host, re-create the certificates:
  - Rename the certificate file and private key file
  - Execute /sbin/generate-certificates
  - Restart the ESXi Server management agents by executing /sbin/services.sh restart
4 Comments
Petar Brcic · December 6, 2023 at 9:32 am
Great Daniel!
Important info regarding the issue that admins are not aware of at the beginning.
And short effective operational procedure!
Thanks
Daniël Zuthof · December 6, 2023 at 11:21 am
Thanks for the feedback, Petar. Appreciated.
Tom Kristiansen · September 16, 2024 at 11:29 pm
Thanks for this info.
Daniël Zuthof · September 17, 2024 at 4:29 pm
Thanks for the feedback, Tom. Appreciated.