So in my last post, I was struggling with updating VCSA 6.0 to VCSA 6.5U3. I opened up an SR, and the initial call had me to restore the Machine SSL to use the VMCA. Feeling confident that would work, the tech ended the call mid way through the update.
Two days later, after examining logs, and looking. through the certificate store, I noticed that there were 2 certs had aliases of my cert servers. Before I removed those two certs, I stood up a new 6.0 VCSA just to see if it would update to 6.5. I imported the cert chain, created a custom machine ssl and it updated without out issue.
Back to the original VCSA, I removed the 2 certs and added the cert chain. After the VCSA saw the 2 certs, I proceeded with the update.
Happy to say after about 3 days, my vCenter is now on 6.5U3.
If you happen to get failing to start vpxd when updating, check the following logs in