Replacing NSX-T Controller SSL Certificates with Let's Encrypt

Another certificate management post, as Let's Encrypt has removed its old root certificates. This post shows how to update signed certificates for NSX-T.

NSX-T checks certificate chains when importing certificates, and unless the full chain of trust is available, you will not be able to use the certificate with NSX-T.

The following page shows the chain of trust for Let's Encrypt certificates:

https://letsencrypt.org/certificates/

The certificate chain for Let's Encrypt is as follows:

your-certificate -> R3 -> ISRG Root X1

Your certificate is delivered to you after you request a certificate using Let's Encrypt services. The file that contains your certificate is named cert.pem.

The R3 certificate can be downloaded from this link:

https://letsencrypt.org/certs/lets-encrypt-r3.pem

The ISRG Root X1 certificate can be downloaded from this link:

https://letsencrypt.org/certs/isrgrootx1.pem

To create a complete chain that NSX-T can accept, combine the contents of the files above into a single file in this order: cert, R3, X1, like this:

-----BEGIN CERTIFICATE-----
cert.pem content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
R3.pem content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
X1.pem content
-----END CERTIFICATE-----
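
As an added example (not from the original post), this bash helper assembles the bundle in the cert, R3, X1 order and refuses inputs that would produce a malformed or mis-ordered PEM file. The function names and the output file name are assumptions; the input file names are the ones used above.

```bash
#!/usr/bin/env bash
# Added example: build the cert -> R3 -> ISRG Root X1 bundle for NSX-T.

# Print how many PEM certificate blocks a file contains.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# build_chain LEAF INTERMEDIATE ROOT OUT
# Each input must hold exactly one certificate, so a file that already
# contains several certificates cannot silently change the order.
# CR characters are dropped and every line is newline-terminated, so one
# file's END line never runs into the next file's BEGIN line.
build_chain() {
    local out=$4 f n
    : > "$out.tmp"
    for f in "$1" "$2" "$3"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            rm -f "$out.tmp"; return 1
        fi
        n=$(count_certs "$f")
        if [ "$n" -ne 1 ]; then
            echo "$f holds $n certificates, expected 1" >&2
            rm -f "$out.tmp"; return 1
        fi
        # Copy only the PEM block; awk always ends each line with \n.
        awk '{ sub(/\r$/, "") }
             /-----BEGIN CERTIFICATE-----/ { p = 1 }
             p { print }
             /-----END CERTIFICATE-----/   { p = 0 }' "$f" >> "$out.tmp"
    done
    mv "$out.tmp" "$out"
}

# verify_chain LEAF INTERMEDIATE ROOT
# With the real certificates, confirm the chain of trust using OpenSSL
# before importing the bundle into NSX-T.
verify_chain() {
    openssl verify -CAfile "$3" -untrusted "$2" "$1"
}

# Run only when four file names are given, for example:
#   ./build-chain.sh cert.pem lets-encrypt-r3.pem isrgrootx1.pem nsx-chain.pem
[ "$#" -ne 4 ] || build_chain "$@"
```

Running `verify_chain cert.pem lets-encrypt-r3.pem isrgrootx1.pem` beforehand catches an expired or mismatched certificate before NSX-T rejects the import.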

Now you can use this new file to import and use this new certificate in NSX-T. It will look similar to this if successful.

Author: Hugo Phan

@hugophan
