“FQDN:xxx is not present in certificate subject alt names” vmware vcenter upgrade

You will encounter this issue while upgrading your vCenter at stage 2. This error will look similar to the below:

screely 1675303000813
FQDN:xxx is not present in certificate subject alt names

This can be due to the following reasons:

  • The Common Name (CN) is equivalent to the Personal Name Identifier (PNID).
  • Certificates can have multiple Domain Name System (DNS) entries in the Subject Alternative Name (SAN).
  • The workflow checks for a match with the PNID against the CN first. If it fails, it checks against the DNS entries.

Table of Contents


Follow the below command and reset all the certificates:


This will clear the certificate and you will able to proceed with the upgrade.


But sometime the above method will not work. Then you need to run the ls doctor script. You can download the script from the below link:


Once ls doctor is downloaded. Move the zip to the vCenter using WinSCP into temp dir. Log in to vCenter using SSH and enter the below commands

cd /tmp
unzip lsdoctor.zip
cd lsdoctor-master
python lsdoctor.py -l
python lsdoctor.py -t
service-control --stop --all
service-control --start --all

The above command will perform the following actions:

  • Navigate to the tmp directory.
  • Unzip the lsdoctor zip file.
  • Go to the lsdoctor-master directory with the “cd lsdoctor-master” command.
  • Use the “-l” option to list potential issues.
  • Run the “-s” and “-t” options one after another for stalefix and trustfix.
  • Restart the vCenter service using the provided commands.
  • Attempt to upgrade vCenter.

If you need any assistance, please don’t hesitate to ask in the comments section. We will be happy to help you further.

Leave a Reply

Your email address will not be published. Required fields are marked *