VMware Cloud Console web service certificate change is not trusted by VMware Aria Automation SaaS extensibility proxies

Article ID: 325815

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • You are using VMware Aria Automation SaaS (formerly vRealize Automation Cloud) with a Cloud Extensibility appliance with embedded Aria Automation Orchestrator (formerly vRealize Orchestrator) services.
  • Extensibility workflows or actions fail to run or complete.
  • You cannot access the UI and receive a 404 Not Found error message when attempting to access https://cexpFQDN/vco


Cause

  • CSP (https://console.cloud.vmware.com/) has a new certificate that is not trusted.
  • The error seen in the logs is:
    I/O error on GET request for "https://console.cloud.vmware.com/csp/gateway/am/api/auth/token-public-key": Certificate is not in CA store.

Resolution

VMware is aware of this issue. See the workaround section for additional details.

Workaround:

Prerequisites

  • You have access to the root user account and its password.
  • You have SSH or console access to the virtual appliance.

Procedure

  1. Log in to Control Center and navigate to the Certificates page.
  2. Click the Import button and select Import from URL.
  3. Enter the following as the URL:
    https://console.cloud.vmware.com/
    Note: If the Import from URL function does not work, browse to https://console.cloud.vmware.com/ from your client browser, extract the certificate using the padlock icon next to the address bar, and export it as Base-64 encoded X.509 (.CER). Then import the extracted certificate file on the Certificates page.
  4. Restart the Orchestrator app: connect through SSH to the Cloud Extensibility Proxy virtual machine and restart the pod using the following commands:
    kubectl -n prelude scale deployment vco-app --replicas=0
    kubectl -n prelude scale deployment vco-app --replicas=1
  5. Monitor the pod status using the command below until 3/3 containers are deployed for the vco-app pod:
    kubectl get pods -n prelude -w
  6. Verify that you can log in to the UI.
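
The monitoring step above can be scripted instead of watched by eye. This is an added example, not VMware's code: it parses `kubectl get pods` output and reports ready only when every vco-app pod is 3/3 Running. The function names, timeout, polling interval and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the VMware article). Namespace "prelude", deployment
# "vco-app" and the 3/3 target come from the article; everything else is assumed.

# Reads `kubectl get pods -n prelude` output on stdin. Succeeds only when at least
# one vco-app pod is listed and every one of them is 3/3 Running, so an old pod
# still Terminating or a new pod still initializing counts as not ready.
vco_app_ready() {
    awk '
        BEGIN { seen = 0; ok = 0 }
        $1 ~ /^vco-app-/ {
            seen++
            if ($2 == "3/3" && $3 == "Running") ok++
        }
        END { exit !(seen > 0 && seen == ok) }
    '
}

# Polls the cluster until vco-app is ready or the timeout (seconds) expires.
# A failing kubectl call yields empty input, which is treated as not ready.
wait_for_vco_app() {
    timeout="${1:-600}"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if kubectl get pods -n prelude --no-headers 2>/dev/null | vco_app_ready; then
            return 0
        fi
        sleep 10
        waited=$((waited + 10))
    done
    return 1
}

# Constructed sample output (pod name suffixes are made up).
SAMPLE_RESTARTING='NAME                       READY   STATUS        RESTARTS   AGE
vco-app-5d8f7c9b6d-x2k4q   3/3     Terminating   0          41d
vco-app-5d8f7c9b6d-p7m9z   0/3     Init:0/1      0          12s'
SAMPLE_READY='NAME                       READY   STATUS    RESTARTS   AGE
vco-app-5d8f7c9b6d-p7m9z   3/3     Running   0          6m'

# Run as: sh wait-vco-app.sh --wait [timeout-seconds]
if [ "${1:-}" = "--wait" ]; then
    if wait_for_vco_app "${2:-600}"; then
        echo "vco-app is 3/3 Running"
    else
        echo "vco-app not ready before timeout" >&2
        exit 1
    fi
fi
```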

Known Issues

  • If 403 errors are encountered and you are unable to access vRO after following the above instructions, run /opt/scripts/deploy.sh to redeploy services.
  • Workflows do not appear in Content Sources.
    • To work around the issue, create a new empty workflow or change the description of an existing workflow, then start data collection.


Additional Information

Impact/Risks:
Affected extensibility appliances integrated with Aria Automation Cloud are broken, and all requests to Aria Automation Orchestrator will fail.