You could do this manually using vCenter GUI:
Select a Host and go to Configure > Certificate. There you have the option to first refresh and then renew the certificate. Now that your vCenter is an issuing certificate authority with our custom certificates it would issue certificate with the template we configured 2 steps back.
Another option, and certainly the preferred one if you have several hosts is to do this with PowerCLI:
$CertificateManager = Get-View -id (Get-View ServiceInstance).Content.CertificateManager
Get-VMHost | ForEach-Object -Process {$CertificateManager.CertMgrRefreshCACertificatesAndCRLs($_.id)}
Get-VMHost | ForEach-Object -Process {$CertificateManager.CertMgrRefreshCertificates($_.id)}
Now you’ll see that if you visit the esxi servers, they also have a valid certificate.