[[esxi_ssl]]
Trace: esxi_ssl
Edit this page
AdminRecent ChangesSitemap

ESXi 6.x SSL

  1. Start certbot: 
    sudo certbot certonly --manual --preferred-challenges dns -d pedge.syninf.net
  2. Set and verify TXT record: https://dnschecker.org/#TXT/_acme-challenge.pedge.syninf.net
  3. Complete certbot
  4. Delete TXT record
  5. Enable SSH on ESXi host
  6. Grab keys 
    sudo cp /etc/letsencrypt/live/pedge.syninf.net/fullchain.pem rui.crt ; 
sudo cp /etc/letsencrypt/live/pedge.syninf.net/privkey.pem rui.key
  7. backup keys on host: 
    cd /etc/vmware/ssl/ ;
mv rui.crt rui.crt.`date +%Y%m%d-%H%M%S`.bak ;
mv rui.key rui.key.`date +%Y%m%d-%H%M%S`.bak
  8. Move new keys to host: 
    scp rui.key rui.crt root@pedge:/etc/vmware/ssl/
  9. Restart the hostd service 
    /etc/init.d/hostd restart
  10. Exit SSH and disable

If restarting hostd doesn't work, restart the management agent through the DCUI.

  1. Open console to host via LOM to access DCUI
  2. Customize System → Troubleshooting Options → Restart Management Agents → Exit
  3. Verify new cert, do it again in 90 days.

esxi_ssl.txt · Last modified: 2024/11/14 02:30 by 127.0.0.1
Edit this pageOld revisions
Media ManagerBack to top
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0