ESXi 6.x SSL

  1. Start certbot:
    sudo certbot certonly --manual --preferred-challenges dns -d pedge.syninf.net
  2. Complete the certbot DNS challenge
  3. Delete the challenge TXT record
  4. Enable SSH on ESXi host
  5. Grab keys
    sudo cp /etc/letsencrypt/live/pedge.syninf.net/fullchain.pem rui.crt ;
    sudo cp /etc/letsencrypt/live/pedge.syninf.net/privkey.pem rui.key
  6. Back up keys on host:
    cd /etc/vmware/ssl/ ;
    mv rui.crt rui.crt.`date +%Y%m%d-%H%M%S`.bak ;
    mv rui.key rui.key.`date +%Y%m%d-%H%M%S`.bak
  7. Move new keys to host:
    scp rui.key rui.crt root@pedge:/etc/vmware/ssl/
  8. Exit SSH and disable it on the host
  9. Open console to host via LOM to access DCUI
  10. Customize System → Troubleshooting Options → Restart Management Agents → Exit
  11. Verify the new cert; do it again in 90 days.
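
One way to check the copied files before step 7 and the served certificate in step 11. This is an added example, not part of the original notes; `MIN_DAYS` and the function names are assumptions, and the file and host names follow the steps above.

```shell
#!/bin/sh
# Added example: checks around steps 5-7 and 11. Not part of the original page.
# MIN_DAYS is an assumed threshold; file and host names follow the page.
MIN_DAYS=${MIN_DAYS:-30}

# True if the certificate's public key is the one derived from the private key.
# Each extraction is checked on its own so two failures can never compare equal.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the leaf certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the certificate's names cover hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True if the key file grants nothing to group or other (e.g. mode 0600).
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# SHA-256 fingerprint of the first certificate in a local PEM file.
file_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# SHA-256 fingerprint of the certificate the host serves on 443 (step 11).
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Run before step 7: preflight rui.crt rui.key pedge.syninf.net
preflight() {
    cert_matches_key "$1" "$2" || { echo "FAIL: cert/key mismatch"; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: cert does not cover $3"; return 1; }
    cert_valid_for_days "$1" "$MIN_DAYS" || { echo "FAIL: expires within $MIN_DAYS days"; return 1; }
    key_is_private "$2" || { echo "FAIL: $2 readable by group/other"; return 1; }
    echo "OK: $1 and $2 are ready to copy"
}
```

Run `preflight rui.crt rui.key pedge.syninf.net` in the directory from step 5. After step 10, `served_fingerprint pedge.syninf.net` should print the same value as `file_fingerprint rui.crt`.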

esxi_ssl.txt · Last modified: 2022/04/14 12:09 by john