When certs go bad…

I woke up this morning to failed backups and was unable to log in to the vCenter Service Appliance. I eventually discovered it was from expired certificates.

VMware warning about expired STS cert

STS expiry will occur without warning and will result in an inability to log in to vCenter.

Well, maybe we *should* get warnings, eh VMware?

The fixes weren’t the nicest either:

  1. Copy in a Python script from a KB article to find out if the STS cert is expired.
  2. Copy in a Bash script from a KB article to fix the STS cert.
  3. Regenerate all the certs in the box because half of them have expired.

Luckily my environment is pretty simple and we only have one VCSA.