acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

VMware VCSA 6.7 and VCSA 6.7U1 Rollback Issues #1884

Open MacITC opened 6 years ago

MacITC commented 6 years ago

Anyone else experiencing these problems with VCSA 6.7 and 6.7U1? Everything working fine but when running the certificate-manager it will end with a rollback.

OK 1) acme.sh installed in VCSA via ssh
OK 2) ./acme.sh --renew -d FQDN.com \
      --yes-I-know-dns-manual-mode-enough-go-ahead-please
OK 3) Cert success

OK 4a) ~/.acme.sh/FQDN.com/FQDN.com.cer
OK 4b) ~/.acme.sh/FQDN.com/FQDN.com.key
OK 4c) ~/.acme.sh/FQDN.com/ca.cer
OK 4d) ~/.acme.sh/FQDN.com/fullchain.cer

OK 5) /usr/lib/vmware-vmca/bin/certificate-manager
OK 5.1) Choose 1. Replace Machine SSL certificate with Custom Certificate
OK 5.2) SSO with Administrator@vsphere.local: Enter password = successful
OK 5.3) Choose 2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate

OK 6.1) Please provide valid custom certificate for Machine SSL. File : ~/.acme.sh/FQDN.com/FQDN.com.cer

OK 6.2) Please provide valid custom key for Machine SSL. File : ~/.acme.sh/FQDN.com/FQDN.com.key

OK 6.3) Please provide the signing certificate of the Machine SSL certificate File : ~/.acme.sh/FQDN.com/fullchain.cer

OK 6.4) You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : y
Command Output: ~/.acme.sh/FQDN.com/FQDN.com.cer: OK

OK 7) Get site name
Completed [Replacing Machine SSL Cert...]
default-site

NOT OK 8) Lookup all services
Get service default-site:a686dba0-5f34-44aa-afdb-1fca391a89ec
Don't update service default-site:a686dba0-5f34-44aa-afdb-1fca391a89ec
Get service default-site:e0fc2ebb-19af-49ed-b537-8d22318b28be
Don't update service default-site:e0fc2ebb-19af-49ed-b537-8d22318b28be
...
...
Updated 0 service(s)
Rollback Status : 100% Completed [Rollback completed successfully]
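Added pre-flight check, not from this issue or from acme.sh: before handing the files from steps 6.1 to 6.3 to certificate-manager, confirm that the key belongs to the leaf, that the leaf file holds only the leaf, and that ca.cer completes the chain. The openssl CLI and the function names are assumptions, and the sample CA and leaf are constructed inline.

```shell
#!/bin/sh
# Added pre-flight check (not from the issue or from acme.sh): confirm that the
# files acme.sh wrote for FQDN.com are mutually consistent before feeding them
# to certificate-manager. Assumes the openssl CLI; paths are arguments.

# The private key must belong to the leaf certificate: compare public keys.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# How many PEM certificates a file holds: the leaf file should hold one,
# fullchain.cer the leaf plus issuers, ca.cer the issuers only.
cert_count() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

# Does the issuer file build a chain up to the leaf? The issuer file is
# treated as trusted only for this check; it tests completeness, not trust.
chain_verifies_leaf() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all checks on a directory laid out like ~/.acme.sh/<name>/.
preflight() {
  d=$1; n=$2
  key_matches_cert "$d/$n.cer" "$d/$n.key" || { echo "$n.key does not match $n.cer"; return 1; }
  [ "$(cert_count "$d/$n.cer")" -eq 1 ] || { echo "$n.cer should hold only the leaf"; return 1; }
  chain_verifies_leaf "$d/$n.cer" "$d/ca.cer" || { echo "ca.cer does not verify $n.cer"; return 1; }
  echo "$n: key, leaf and issuer chain are consistent"
}

# Constructed sample: a throwaway CA signs a leaf for FQDN.com, laid out
# like acme.sh output (FQDN.com.cer, FQDN.com.key, ca.cer, fullchain.cer).
make_sample() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.cer" \
    -subj /CN=SampleCA -days 1 >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -keyout "$d/FQDN.com.key" -out "$d/leaf.csr" \
    -subj /CN=FQDN.com >/dev/null 2>&1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/FQDN.com.cer" -days 1 >/dev/null 2>&1
  cat "$d/FQDN.com.cer" "$d/ca.cer" > "$d/fullchain.cer"
}
```

On a real appliance, run `preflight ~/.acme.sh/FQDN.com FQDN.com` against the files from step 4; the counts also show that fullchain.cer carries the leaf while ca.cer carries only the issuers.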

mrulke commented 2 years ago

This is the update manager service. I had to set it to manual to get this to work. It's something to do with the public cert, but not sure what.