When trying to update the certificate on an ESXi host with a certificate generated by the VMCA you may run into the error A general system error occurred: Unable to get signed certificate for host as detailed in this VMware KB HERE.
This happens when you try to renew ESXi host SSL certificates like so:
But you receive the error as below:
Not a big deal, however the VMware KB only tells you how to solve this using the good old C# client, not the vSphere Web Client. If you are running vSphere 6.5 then you are SOL using the KB instructions.
First things first, select the vCenter from the inventory and then click on Configure tab and the click on Advanced Settings followed by the Edit button as shown below.
The following dialogue box appears
Hunt out the vpxd.certmgmt.certs.minutesBefore setting and change it to 10 from 1440. This will allow you to assign a new SSL certificate to the host. More details of why this is the case can be found in the VMware KB.
Try the certificate renewal again and you should end up with something like this: