With VMware ESXi (I'm running ESXi 6.7), I regularly run into an SSL issue. Chrome & Firefox do not allow the self-signed certificates provided by the internal VMware system.
In my case, the only way to access the VMware vSphere Web Client is to use Safari (on macOS) and manually allow the certificate as a trusted certificate.
The point is to declare a signed certificate.
As the vSphere Client is only for administrator use, I'd rather not pay for a ~100$-a-year third-party signed certificate.
Until a few months ago, I used ZeroSSL, which is not totally free anymore (blocked after 3 renewals). I was following these instructions
Is there a way to use the Let's Encrypt process to get a valid signed certificate and push it to my VMware server?
Best Answer
3 main steps for setting this up.
1. Let's Encrypt certificate generation with DNS challenge.
The default challenge process with Let's Encrypt is HTTP-01 / acme-challenge file generation.
It's not convenient for use with ESXi.
I switched to the DNS-01 challenge, which is compliant with my DNS provider.
I use the certbot tool. You can install it with
The final command is certbot itself:
Thanks to this, I quickly got a list of .pem files.
2. Certificate format transform
Certificates are directly generated in .pem format, so you do not need to change the format. You just have to rename the files
3. Renew certificate on VMware ESXi
On the ESXi host, back up your old certificate
From your workstation:
Replace your certificate
scp rui.key rui.crt myhost:/etc/vmware/ssl/
On ESXi host, restart the host
reboot
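
A pre-deployment check for steps 2 and 3, as an added example that is not part of the original answer: it copies certbot's output to the rui.crt / rui.key names only after confirming that the private key matches the certificate and that the certificate is not about to expire. The fullchain.pem / privkey.pem names are certbot's usual output names and are assumed here; the function name stage_esxi_cert and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: stage certbot output under the names ESXi expects
# (rui.crt / rui.key), refusing to stage a mismatched or expiring pair.
# Assumption: the certbot live directory holds fullchain.pem and privkey.pem.
# Usage (hypothetical paths):
#   stage_esxi_cert /etc/letsencrypt/live/esxi.example.test ./staging 7
# Return codes: 0 ok, 1 missing file, 2 unreadable PEM, 3 key mismatch,
#               4 expires too soon, 5 copy failed.
stage_esxi_cert() {
    live_dir=$1
    out_dir=$2
    min_days=${3:-7}
    cert=$live_dir/fullchain.pem
    key=$live_dir/privkey.pem

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "missing $cert or $key" >&2; return 1; }

    # Public key of the leaf certificate (first entry in fullchain.pem)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate" >&2; return 2; }
    # Public key derived from the private key
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key" >&2; return 2; }

    # Installing a key that does not belong to the certificate would leave
    # the management interface without a usable TLS identity.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 3; }

    # -checkend exits non-zero if the certificate expires within N seconds
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null || {
        echo "certificate expires within $min_days days" >&2; return 4; }

    mkdir -p "$out_dir" || return 5
    # Subshell keeps the restrictive umask local to the copy
    ( umask 077
      cp "$cert" "$out_dir/rui.crt" && cp "$key" "$out_dir/rui.key" ) || return 5
    chmod 600 "$out_dir/rui.key"
}
```

The staged rui.crt and rui.key can then be copied with the scp command shown in step 3.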