Due to popular demand, I have updated the vCenter SSL installation script with some significant enhancements (once again, credit to Ryan Bolger, https://github.com/rmbolger, for the Posh-ACME module). This update now checks for prerequisites and installs any that are missing. In addition, it now supports vSphere 7 and vSphere 8. The latest version of Install-vCenterSSL.ps1 generates the certificate, formats it, and replaces the default certificate directly on the vCenter server with very minimal effort.
Prerequisites
- Download my Install-vCenterSSL.ps1 script; it can be found on my GitHub page here.
- The script requires internet access to generate the certificate.
- Ability to create a DNS TXT record to validate domain ownership.
- vCenter account with administrator privileges.
- It is highly recommended to take a snapshot or backup of your vCenter server before running the script.
Step 1 – Update Script Variables
Download the script and, before running it, update the variables at the top of the script.

Step 2 – Entering vCenter Credentials
Enter vCenter credentials when prompted.

Step 3 – DNS Challenge Validation
This is really the only manual step that is required. When prompted, you will need to create the TXT record shown in the prompt at your DNS provider.
Alternatively, you can automate the DNS challenge validation by using one of the many supported DNS plugins found here on Ryan Bolger's GitHub repository.


Step 4 – DNS Propagation Timer
Press any key to continue; a 2 minute sleep timer then starts to give the TXT record time to propagate before the ACME server validates it.

Step 5 – vCenter Certificate Validation
Once your domain ownership is confirmed, the certificate is generated, converted and installed directly on your vCenter using the REST API. After this operation completes, the services using the certificate are restarted so that the new certificate takes effect.

Optional Step – Use Previously Generated SSL
If you have previously generated an SSL certificate that is still valid, the script should detect it and offer the option to reuse it instead of requesting a new one.
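The following is an added example of the whole workflow above (prerequisite check, credentials, manual DNS challenge with the propagation wait, REST API install, and reuse of a valid certificate). It is not the Install-vCenterSSL.ps1 script itself. It assumes PowerShell 7, Posh-ACME 4.x and the vSphere 7/8 REST API; the hostname, contact address, the 30-day reuse threshold and the post-install wait are placeholders chosen for illustration, and the `Manual` plugin is used so the TXT record is created by hand exactly as in Step 3. Run it against `LE_STAGE` first so mistakes do not consume Let's Encrypt rate limits.

```powershell
# Added example, not the Install-vCenterSSL.ps1 script. Assumes PowerShell 7,
# Posh-ACME 4.x and the vSphere 7/8 REST API. All parameter values are placeholders.
#Requires -Version 7.0
param(
    [string]$VCenterFqdn = 'vcenter.example.com',   # assumed placeholder
    [string]$AcmeContact = 'admin@example.com',     # assumed placeholder
    [string]$AcmeServer  = 'LE_STAGE',              # LE_STAGE for testing, LE_PROD for real certs
    [int]$DnsSleep       = 120                      # seconds to wait for the TXT record (Posh-ACME default)
)

# Prerequisite check: install the Posh-ACME module if it is missing
if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
    Install-Module -Name Posh-ACME -Scope CurrentUser -Force
}
Import-Module Posh-ACME

# Step 2: vCenter credentials (an account with the Administrator role)
$vcCred = Get-Credential -Message "vCenter administrator credentials for $VCenterFqdn"

# Optional step: reuse a previously issued certificate if it is still valid
Set-PAServer $AcmeServer
$cert = Get-PACertificate -MainDomain $VCenterFqdn -ErrorAction SilentlyContinue
if ($cert -and $cert.NotAfter -gt (Get-Date).AddDays(30)) {   # 30 days is an assumed threshold
    Write-Host "Reusing existing certificate valid until $($cert.NotAfter)"
} else {
    # Steps 3 and 4: manual DNS-01 challenge. The Manual plugin prints the
    # _acme-challenge TXT record to create, waits for a key press, then sleeps
    # $DnsSleep seconds before asking the ACME server to validate it.
    $cert = New-PACertificate -Domain $VCenterFqdn -Plugin Manual `
        -AcceptTOS -Contact $AcmeContact -DnsSleep $DnsSleep -Force
}

# Step 5: push the PEM files to vCenter over the REST API.
# Posh-ACME already writes PEM files, so no OpenSSL conversion is needed here.
$leafPem  = Get-Content -Raw $cert.CertFile    # server certificate only
$keyPem   = Get-Content -Raw $cert.KeyFile     # private key in PEM
$chainPem = Get-Content -Raw $cert.ChainFile   # issuing CA chain (no leaf)

# Authenticate: POST /api/session returns the session token as a JSON string.
# -SkipCertificateCheck is needed because vCenter still presents its old
# (VMCA-signed or self-signed) certificate at this point.
$base    = "https://$VCenterFqdn"
$session = Invoke-RestMethod -Method Post -Uri "$base/api/session" `
    -Authentication Basic -Credential $vcCred -SkipCertificateCheck
$headers = @{ 'vmware-api-session-id' = $session }

# PUT /api/vcenter/certificate-management/vcenter/tls replaces the Machine SSL
# certificate; root_cert carries the CA chain vCenter must trust (assumed to be
# the Posh-ACME ChainFile content).
$body = @{ cert = $leafPem; key = $keyPem; root_cert = $chainPem } | ConvertTo-Json

try {
    Invoke-RestMethod -Method Put -Uri "$base/api/vcenter/certificate-management/vcenter/tls" `
        -Headers $headers -ContentType 'application/json' -Body $body -SkipCertificateCheck
    Write-Host 'Certificate accepted; vCenter is restarting the services that use it.'
} catch {
    # A 400/401/500 here means the certificate, key or chain was rejected.
    throw "Certificate replacement failed: $($_.Exception.Message)"
}

# Verify: after the services come back, the served certificate must match what
# was issued. The 180 second wait is an assumed value; adjust for your vCenter.
Start-Sleep -Seconds 180
$tcp = [System.Net.Sockets.TcpClient]::new($VCenterFqdn, 443)
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($VCenterFqdn)
$served = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Dispose()
if ($served.Thumbprint -ne $cert.Thumbprint) {
    throw "vCenter is serving $($served.Thumbprint), expected $($cert.Thumbprint)"
}
Write-Host "vCenter now serves $($served.Subject), expiring $($served.NotAfter)"
```

The final thumbprint check is the part worth keeping even if you use the script: a successful HTTP response from the PUT only means vCenter accepted the input, and the only proof the swap took effect is the certificate the appliance actually presents on port 443 once its services are back.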

Thanks for reading, and, I hope you found this useful, feel free to comment below. If you found any bugs please raise an issue here.
Are you aware of a similar mechanism for LE certs on the VCSA appliance, without depending on an extra machine (Windows/Linux)? Maybe via a cron job, with certbot + the ACMEv2 challenge process, plus some clean copy-out tasks?
Hi Simon, I've not tested running ACME / Certbot directly on the VCSA appliance, and I dare say it wouldn't be supported either. Now, if this is something you would like to do, it may be possible to run certbot as a Docker container, as VCSA runs on Photon OS; probably just research how to do it on Photon. Sorry I couldn't be more helpful.