If your vrops certificates has expired you wont be able to take your cluster offline or online. You will need to default your certificates and if you have an custom certificate import that through the vrops admin page afterwards. Tested on vrops 8.6.2.
Run the following on each node (master, master replica, data and remote collectors). This will convert the certificates to default so there not expired.
unset -f pathprepend
unset -f pathremove
unset -f pathappend
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/activate_web_certificate.py DEFAULT
$VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
Then you can bring your cluster online and replace the certificates through vrops.
To see the certificate error message you can use the following command to bring the cluster online
$VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/sliceConfiguration/bin/vcopsClusterManager.py init-cluster
You should see something like this
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired
For a custom certificate in vrops the format needs to be “server certificate, private key, intermediate , root” in that order from top to bottom and in .pem format
https://kb.vmware.com/s/article/2046591
For a vrslcm certificate the format needs to be “private key, server certificate, intermediate, root” in that order from top to bottom and in .pem format
