SSL - ESXi

Installing manual certs on an ESXi server

PIKEDOM.COM has some very good instructions.

Something to know if you got your certs from certbot:

• The file you're replacing rui.crt with is either cert.pem or fullchain.pem (depending on whether you've set up with one or more than one domain in your certs.
• The file you're replacing rui.key with is privkey.pem.
• Both of the files from certbot may have a number attached to the end of the filename itself.

So...

SSH into the server...

• cd /etc/vmware/ssl
• mv rui.crt orig.rui.crt
• mv rui.key orig.rui.key
• vi rui.crt
  • Paste in the content of fullchain.pem
• vi rui.key
  • Paste in the content of privkey.pem
• reboot

Using SCP to install the certs

You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...

• sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt
• sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key
• ssh root@NAME.DOMAIN.TLD reboot

Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...