...spent a good two days on repairing our test vCenter, where an outdated plugin apparently blocked automatic renewal of some of the certificates usually generated by the vCenter CA. None of the repair tools (and there are surprisingly quite a few in the VMware KB) worked until I identified and removed the rogue plugin. And afterwards I had a vCenter with the CA including root certs re-rolled, which in turn upset all the connected systems (NSX-T, Cloud Director, Usage Meter, and such...).
@galaxis Yuck! The state of "enterprise" solutions.