I use let's encrypt ssl certificates on ESXi 6.5 (ESXi-6.5.0-20170702001-standard) and it has been working well. Every few weeks when the certificates expire I just copied the new certificates to /etc/vmware/ssl/rui.{crt,key} and ran
/sbin/services.sh restart
That reloaded the certificates and everything was OK.
Not I have updated to ESXi-6.5.0-20171204001-standard (Build 7388607) and I cannot get ESXi to reload the certificates. Any ideas what is going wrong? How can I reload the certificates without rebooting the whole machine?
[root@vmwsrv1:~] services.sh restart &tail -f /var/log/jumpstart-stdout.log
2018-01-22T10:43:30.955Z| executing start plugin: lacp
2018-01-22T10:43:31.158Z| executing start plugin: memscrubd
2018-01-22T10:43:31.359Z| executing start plugin: smartd
2018-01-22T10:43:31.562Z| executing start plugin: vpxa
2018-01-22T10:43:31.765Z| executing start plugin: sfcbd-watchdog
2018-01-22T10:43:32.976Z| executing start plugin: wsman
2018-01-22T10:43:33.583Z| executing start plugin: snmpd
2018-01-22T10:43:33.986Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1
2018-01-22T10:43:33.986Z| executing start plugin: xorg
2018-01-22T10:43:34.391Z| executing start plugin: vmtoolsd
2018-01-23T14:39:01.265Z| executing stop for daemon xorg.
2018-01-23T14:39:01.468Z| Jumpstart failed to stop: xorg reason: Execution of command: /etc/init.d/xorg stop failed with status: 3
2018-01-23T14:39:01.468Z| executing stop for daemon vmsyslogd.
2018-01-23T14:39:01.671Z| Jumpstart failed to stop: vmsyslogd reason: Execution of command: /etc/init.d/vmsyslogd stop failed with status: 1
2018-01-23T14:39:01.671Z| executing stop for daemon vmtoolsd.
2018-01-23T14:39:01.872Z| Jumpstart failed to stop: vmtoolsd reason: Execution of command: /etc/init.d/vmtoolsd stop failed with status: 1
2018-01-23T14:39:01.872Z| executing stop for daemon wsman.
2018-01-23T14:39:02.478Z| executing stop for daemon snmpd.
2018-01-23T14:39:02.884Z| executing stop for daemon sfcbd-watchdog.
2018-01-23T14:39:06.517Z| executing stop for daemon vpxa.
2018-01-23T14:39:06.718Z| executing stop for daemon vobd.
2018-01-23T14:39:06.921Z| executing stop for daemon dcbd.
2018-01-23T14:39:07.124Z| executing stop for daemon cdp.
2018-01-23T14:39:07.325Z| executing stop for daemon nscd.
2018-01-23T14:39:07.528Z| executing stop for daemon lacp.
2018-01-23T14:39:07.731Z| executing stop for daemon memscrubd.
2018-01-23T14:39:07.934Z| Jumpstart failed to stop: memscrubd reason: Execution of command: /etc/init.d/memscrubd stop failed with status: 3
2018-01-23T14:39:07.934Z| executing stop for daemon smartd.
2018-01-23T14:39:08.136Z| executing stop for daemon slpd.
2018-01-23T14:39:08.337Z| executing stop for daemon sdrsInjector.
2018-01-23T14:39:08.540Z| executing stop for daemon storageRM.
2018-01-23T14:39:08.743Z| executing stop for daemon vvold.
2018-01-23T14:39:08.945Z| Jumpstart failed to stop: vvold reason: Execution of command: /etc/init.d/vvold stop failed with status: 3
2018-01-23T14:39:08.945Z| executing stop for daemon hostdCgiServer.
2018-01-23T14:39:09.149Z| executing stop for daemon sensord.
2018-01-23T14:39:09.352Z| executing stop for daemon lbtd.
2018-01-23T14:39:09.554Z| executing stop for daemon hostd.
2018-01-23T14:39:09.755Z| executing stop for daemon rhttpproxy.
2018-01-23T14:39:09.958Z| executing stop for daemon nfcd.
2018-01-23T14:39:10.161Z| executing stop for daemon vmfstraced.
2018-01-23T14:39:10.564Z| executing stop for daemon rabbitmqproxy.
2018-01-23T14:39:10.767Z| executing stop for daemon esxui.
2018-01-23T14:39:10.970Z| executing stop for daemon usbarbitrator.
2018-01-23T14:39:11.173Z| executing stop for daemon iofilterd-spm.
2018-01-23T14:39:11.376Z| executing stop for daemon swapobjd.
2018-01-23T14:39:11.781Z| executing stop for daemon iofilterd-vmwarevmcrypt.
2018-01-23T14:39:11.985Z| executing stop for daemon SSH.
2018-01-23T14:39:12.188Z| executing stop for daemon DCUI.
Errors:
Invalid operation requested: This ruleset is required and connot be disabled
2018-01-23T14:39:12.391Z| executing stop for daemon ntpd.
2018-01-23T14:39:14.549Z| executing start plugin: SSH
2018-01-23T14:39:14.752Z| executing start plugin: DCUI
2018-01-23T14:39:14.955Z| executing start plugin: ntpd
2018-01-23T14:39:15.358Z| executing start plugin: esxui
2018-01-23T14:39:15.965Z| executing start plugin: usbarbitrator
2018-01-23T14:39:16.774Z| executing start plugin: iofilterd-spm
2018-01-23T14:39:17.177Z| executing start plugin: swapobjd
2018-01-23T14:39:17.580Z| executing start plugin: iofilterd-vmwarevmcrypt
2018-01-23T14:39:17.985Z| executing start plugin: sdrsInjector
2018-01-23T14:39:18.188Z| executing start plugin: storageRM
2018-01-23T14:39:18.392Z| executing start plugin: vvold
2018-01-23T14:39:20.204Z| executing start plugin: hostdCgiServer
2018-01-23T14:39:20.407Z| executing start plugin: sensord
2018-01-23T14:39:20.813Z| executing start plugin: lbtd
2018-01-23T14:39:21.017Z| executing start plugin: hostd
2018-01-23T14:39:21.824Z| executing start plugin: rhttpproxy
2018-01-23T14:39:22.228Z| executing start plugin: nfcd
2018-01-23T14:39:22.429Z| executing start plugin: vmfstraced
2018-01-23T14:39:22.632Z| executing start plugin: rabbitmqproxy
2018-01-23T14:39:23.438Z| executing start plugin: slpd
2018-01-23T14:39:23.639Z| executing start plugin: dcbd
2018-01-23T14:39:23.842Z| executing start plugin: cdp
2018-01-23T14:39:24.045Z| executing start plugin: nscd
2018-01-23T14:39:24.246Z| executing start plugin: lacp
2018-01-23T14:39:24.448Z| executing start plugin: memscrubd
2018-01-23T14:39:24.651Z| executing start plugin: smartd
2018-01-23T14:39:24.854Z| executing start plugin: vpxa
2018-01-23T14:39:25.058Z| executing start plugin: sfcbd-watchdog
2018-01-23T14:39:26.267Z| executing start plugin: wsman
2018-01-23T14:39:26.872Z| executing start plugin: snmpd
2018-01-23T14:39:27.276Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1
2018-01-23T14:39:27.276Z| executing start plugin: xorg
2018-01-23T14:39:27.680Z| executing start plugin: vmtoolsd
You need to put the new certificates on the ESXi 6.5 and restart management agents -> not required to start services.sh
Once the management agents are restarted, pls connect to the ESXi host via browser and identify which certificate it is pulling now..
Thanks,
MS
You need to put the new certificates on the ESXi 6.5 and restart management agents -> not required to start services.sh
Once the management agents are restarted, pls connect to the ESXi host via browser and identify which certificate it is pulling now..
Thanks,
MS
I once again checked all possibilities of reloading the certificates - still not working.
Rebooted the server - certificate is still old.
Found the error on my side: the script that copied the certificate to ESXi followed the wrong symlink and uploaded an old certificate.
Sorry for the noise, that was completely my fault.
Thanks for your help!