ESXi 6.x SSL

Start certbot:

sudo certbot certonly --manual --preferred-challenges dns -d pedge.syninf.net

Set and verify TXT record: https://dnschecker.org/#TXT/_acme-challenge.pedge.syninf.net
Complete certbot
Delete TXT record
Enable SSH on ESXi host

Grab keys

sudo cp /etc/letsencrypt/live/pedge.syninf.net/fullchain.pem rui.crt ; 
sudo cp /etc/letsencrypt/live/pedge.syninf.net/privkey.pem rui.key

backup keys on host:

cd /etc/vmware/ssl/ ;
mv rui.crt rui.crt.`date +%Y%m%d-%H%M%S`.bak ;
mv rui.key rui.key.`date +%Y%m%d-%H%M%S`.bak

Move new keys to host:

scp rui.key rui.crt root@pedge:/etc/vmware/ssl/