====== ESXi 6.x SSL ======

  - Start certbot: <code>sudo certbot certonly --manual --preferred-challenges dns -d pedge.syninf.net</code>
  - Set and verify TXT record: [[https://dnschecker.org/#TXT/_acme-challenge.pedge.syninf.net|https://dnschecker.org/#TXT/_acme-challenge.pedge.syninf.net]]
  - Complete certbot
  - Delete TXT record
  - Enable SSH on ESXi host
  - Grab keys <code>sudo cp /etc/letsencrypt/live/pedge.syninf.net/fullchain.pem rui.crt ; 
sudo cp /etc/letsencrypt/live/pedge.syninf.net/privkey.pem rui.key </code>
  - backup keys on host: <code>cd /etc/vmware/ssl/ ;
mv rui.crt rui.crt.`date +%Y%m%d-%H%M%S`.bak ;
mv rui.key rui.key.`date +%Y%m%d-%H%M%S`.bak</code>
  - Move new keys to host: <code>scp rui.key rui.crt root@pedge:/etc/vmware/ssl/</code>
  - Restart the hostd service <code>/etc/init.d/hostd restart</code>
  - Exit SSH and disable

If restarting hostd doesn't work, restart the management agent through the DCUI.
  - Open console to host via LOM to access DCUI
  - Customize System -> Troubleshooting Options -> Restart Management Agents -> Exit
  - Verify new cert, do it again in 90 days.
{{:pedge_valid_cert.png?nolink&600|}}