I have a vCenter cluster with 3 hosts. I am trying to apply a Dell patch baseline (extension) on one of the hosts and I can't remediate the baseline or check compliance. Both fail with the error

"Host cannot download files from VMware vSphere Lifecycle Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."

The /var/log/esxupdate.log on all 3 hosts shows that it gets to "Downloading http://<vcsa>:9084/vum/repository/hostupdate/DEL/metadata-21.zip to /tmp/..." then shows "WARNING: Download failed: <urlopen error timed out>, 4 retry left..."

I was previously able to apply the baseline to the hosts, but had to reinstall ESXi on one of them so I'm trying to do it again and it's failing. The hosts can communicate VCSA over the management network, so I'm not sure why it would be unable to connect. The esxupdate service on the host is set to allow all IPs.

What could be causing the issue or what settings/configurations could I check on the hosts/VCSA?