Possible error - self-signed ssl certificate generated by the ESXi Hosts isn’t trusted by the vCenter or other error related to host ssl verified.
Resolution: To solve this issue you must generate new ssl certificate for esxi hosts managed by HA cluster and make it trusted the thumbprint by reconnecting the hosts to cluster .
Move esxi host in Maintenance Mode , start ssh service and connect host via putty
2. Rename old ssl certificates
by following commands.
mv /etc/vmware/ssl/rui.crt
/etc/vmware/ssl/rui.crt.old
mv /etc/vmware/ssl/rui.key
/etc/vmware/ssl/rui.key.old
3. Generate new ssl certificate
by following commands.
/sbin/generate-certificates
4. Restart hostd and vpxa
services by following cmd
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
5. Now check host status in vCenter. In a while it will show as disconnected, connect the host by entering root credentials , it will prompt for new ssl certificate verification, click “yes” to replace the host certificate with new cert and verify.