Add Let's Encrypt to VMware ESXi SSL certificate renewal

1. Let’s Encrypt Certificate Generation with DNS Challenge on a Linux Server

By default, Let’s Encrypt uses the HTTP-01 challenge, which requires serving a file under /.well-known/acme-challenge/ on the domain being validated. That is not convenient on an ESXi host. Instead, you can switch to the DNS-01 challenge, which works with any DNS provider where you can publish a TXT record. Here’s how to do this with the certbot tool from Let’s Encrypt:

  1. Install certbot on your Linux server:

    For Ubuntu:

    sudo apt install certbot python3-certbot-apache
    

    For RedHat:

    sudo yum install epel-release
    sudo yum install certbot python2-certbot-apache mod_ssl
    
  2. Generate the Let’s Encrypt certificate with certbot, selecting the DNS-01 challenge:

    # --manual makes certbot print a TXT value that you publish at
    # _acme-challenge.YourDomain.com before it validates the domain
    certbot certonly --manual --preferred-challenges dns -d YourDomain.com
    

2. Certificate Format Transformation

Let’s Encrypt issues certificates in PEM format, which is what ESXi expects, so no conversion is needed. Certbot writes them to /etc/letsencrypt/live/YourDomain.com/; you simply copy the files under the names ESXi uses:

cp fullchain.pem rui.crt   # leaf certificate followed by the intermediate chain
cp privkey.pem rui.key     # unencrypted private key

Please note that it’s important to use fullchain.pem and not cert.pem, as the latter is not compliant with ESXi.

3. Renewing the Certificate on VMware ESXi

To renew the certificate on your VMware ESXi host, follow these steps:

  1. Backup your old certificate on the ESXi host:

    cd /etc/vmware/ssl/
    mv rui.crt rui.crt.`date +%Y%m%d-%H%M%S`.bak
    mv rui.key rui.key.`date +%Y%m%d-%H%M%S`.bak
    

    If you need to roll back to a self-signed certificate, regenerate it with /sbin/generate-certificates && reboot.

  2. Replace the existing certificate on the ESXi server with the one generated on the Linux server:

    scp rui.key rui.crt root@esxi-server-ip:/etc/vmware/ssl/
    
  3. Restart the ESXi host to apply the new certificate:

    reboot
    

By following these steps, you can generate Let’s Encrypt certificates using the DNS challenge on your Linux server and then transfer and apply them to your VMware ESXi host.
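The checks a practitioner would want before pushing the renewed pair to the host, as an added example that is not part of the original article: it confirms the file really is fullchain.pem (more than one certificate block), that the key is an unencrypted PEM key, and that the private key matches the leaf certificate, and only then backs up and replaces rui.crt/rui.key. It assumes certbot's default /etc/letsencrypt/live/<domain>/ layout and root SSH access to the ESXi host; the domain and host are passed as arguments.

```shell
#!/usr/bin/env bash
# Pre-flight checks and deployment of a renewed Let's Encrypt cert to ESXi.
# Added example, not part of the original article. Assumes certbot's
# default /etc/letsencrypt/live/<domain>/ layout and root SSH access to
# the ESXi host; the domain and host are supplied as arguments.
set -eu

# Number of PEM certificate blocks in a file (0 if none or unreadable).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# fullchain.pem carries the leaf plus at least one intermediate; a file
# with a single certificate is cert.pem, which ESXi does not accept.
check_chain() {
    [ -r "$1" ] && [ "$(count_certs "$1")" -ge 2 ]
}

# The key file must be an unencrypted PEM private key (RSA, EC or PKCS#8).
check_key() {
    grep -qE -- '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1" 2>/dev/null
}

# Public key derived from the private key must equal the one in the leaf
# certificate (openssl x509 reads only the first cert in fullchain.pem).
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

deploy() {
    local host="$2" live="/etc/letsencrypt/live/$1" stamp
    stamp=$(date +%Y%m%d-%H%M%S)
    check_chain "$live/fullchain.pem" || { echo "not a full chain" >&2; return 1; }
    check_key "$live/privkey.pem" || { echo "bad private key" >&2; return 1; }
    key_matches_cert "$live/privkey.pem" "$live/fullchain.pem" \
        || { echo "privkey.pem does not match fullchain.pem" >&2; return 1; }
    # Keep a timestamped copy of the current pair on the host, then replace it.
    ssh "root@$host" "cd /etc/vmware/ssl && cp rui.crt rui.crt.$stamp.bak && cp rui.key rui.key.$stamp.bak"
    scp "$live/fullchain.pem" "root@$host:/etc/vmware/ssl/rui.crt"
    scp "$live/privkey.pem"   "root@$host:/etc/vmware/ssl/rui.key"
    ssh "root@$host" reboot
}

# Usage: bash esxi-cert-deploy.sh YourDomain.com esxi-server-ip
if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```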