Fix Expired vCenter SSL Certificates: SSH Guide

How to Fix Expired vCenter Server SSL Certificates (The Right Way)

If you are trying to access your VMware vSphere Client and getting connection errors, or if your browsers are throwing "NET::ERR_CERT_DATE_INVALID" errors, your vCenter Server Appliance (VCSA) SSL certificates have likely expired. This is a common issue that locks administrators out of the web interface.

In this guide, I will show you how to renew (reset) these certificates using the command line interface (SSH).

Can't I just use the VAMI (Port 5480)?

Many administrators ask: "Can't we simply log into the management interface at port 5480 and renew it there?"

The short answer is: No.

While the VAMI (https://vcenter-ip:5480) is great for monitoring, it cannot generate new self-signed certificates from scratch to replace expired ones. Also, when certificates expire, the SSO service often fails, preventing login to port 5480.

The Solution: Using Certificate Manager (SSH)

The only reliable way to reset expired self-signed certificates is via the SSH console using the built-in certificate-manager tool.

Step 1: Connect via SSH

Open PuTTY and SSH into your vCenter IP. Log in with root. If you land on the appliance screen, type:

shell

Step 2: Run the Certificate Manager

Run the following command:

/usr/lib/vmware-vmca/bin/certificate-manager

Step 3: Select Option 8

Select Option 8 from the menu:

8. Reset all Certificates

Step 4: Confirm and Configure

• Type Y (Yes) to generate configuration.
• Enter the administrator@vsphere.local password.
• Important: Ensure the Hostname and IP Address match your vCenter exactly.

Step 5: Wait for Completion

The tool will stop services, replace certificates, and restart. This takes 10-20 minutes. Look for the message "All certificates generated and replaced successfully".

Post-Renewal Notes

• Backups: Re-authenticate your backup software (Veeam, etc.) as the certificate thumbprint has changed.
• Browser: Clear your browser cache if you still see errors.