搜索了一下判断是证书过期导致的。
ssh 远程连接到VC,然后看一下证书到期时间
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
输出结果看到已经到期,再运行证书管理器,选4 重新生成,一路默认就行。看到成功的提示就可以了。
/usr/lib/vmware-vmca/bin/certificate-manager
Command> shell
Shell access is granted to root
root@vc [ ~ ]#
root@vc [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Mar 11 22:43:10 2024 GMT
[*] Store : TRUSTED_ROOTS
Alias : 8dfa3bfbafdb7384ea711edb3828941e12516486
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : machine
Alias : machine
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : vpxd
Alias : vpxd
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : hvc
Alias : hvc
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : data-encipherment
Alias : data-encipherment
Not After : Mar 6 10:43:08 2032 GMT
[*] Store : APPLMGMT_PASSWORD
[*] Store : SMS
Alias : sms_self_signed
Not After : Mar 12 10:50:31 2032 GMT
[*] Store : wcp
Alias : wcp
Not After : Mar 6 10:43:08 2032 GMT
root@vc [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 7.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 4
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)
] Command Failed!!
Status : 85% Completed [starting services...]
Status : 100% Completed [All tasks completed successfully]