On a freshly installed ESXi host, the following error is displayed:
The certificate assigned to tát this host is not valid yet. You should install a valid certificate.
The issue is caused by a system time that is mix to tát the future during ESXi installation. Having not configured the correct time can also cause issues when trying to tát add the ESXi host to tát vCenter Server. To solve the issue, mix the correct time (Best practice is to tát use an NTP server) and regenerate the certificate.
Fix timing issue:
- Open ESXi Host Client
- Navigate to tát Host > Manage > System > Time và date
- Press Edit NTP Settings
- Set the NTP startup policy to Start and stop with host
- and add an NTP Server (eg. pool.ntp.org)
- Press SAVE
- Navigate to tát Host > Manage > System > Services
- Highlight the NTP Daemon (ntpd) and press Start
Regenerate the certificate:
- Navigate to tát Host > Manage > System > Services
- Start the SSH Service
- Connect to tát the ESXi host using SSH and login as root
- Verify the current date and certificate start date.
# date Mon Jul 2 19:19:58 UTC 2023 # openssl s_client -connect localhost:443 |grep notBefore verify error:num=9:certificate is not yet valid notBefore=Jul 3 23:03:15 2023 GMT
- Regenerate the Certificate
# /sbin/generate-certificates
- Restart hostd
# /etc/init.d/hostd restart
Note: This method should not be used when the ESXi host is already added to tát a vCenter Server. In that case, the certificate should be renewed using Right-Click ESXi Host in Inventory > Certificates > Renew Certificate