Push new certificate to VPN clients

This forum is for general conversation and user-user networking.
Post Reply
skarpeta
OpenVpn Newbie
Posts: 4
Joined: Fri May 28, 2021 1:53 pm

Push new certificate to VPN clients

Post by skarpeta » Fri May 28, 2021 1:54 pm

I got a synology NAS on which I host a VPN Server with OpenVPN. The default certificate by synology renews (has to be renewed) every 3 months.

What happens is that every three months all of the vpn clients can't connect anymore because the certificate in the config is outdated.
Is there a way to simultaneously update those certificates or link them somehow that all clients have the correct one every time?
I know I cloud just switch to a different certificate with longer time period, but that would just shift the problem to a later time.

User avatar
TinCanTech
Forum Team
Posts: 9426
Joined: Fri Jun 03, 2016 1:17 pm

Re: Push new certificate to VPN clients

Post by TinCanTech » Fri May 28, 2021 2:04 pm

It is highly unlikely that you have certificates which expire every three months.

Look closely at the error message in your log for further details.

User avatar
Pippin
Forum Team
Posts: 997
Joined: Wed Jul 01, 2015 8:03 am

Re: Push new certificate to VPN clients

Post by Pippin » Fri May 28, 2021 3:33 pm

Probably you use Lets Encrypt.
If so, select the synology certificate for VPN.

skarpeta
OpenVpn Newbie
Posts: 4
Joined: Fri May 28, 2021 1:53 pm

Re: Push new certificate to VPN clients

Post by skarpeta » Tue Jun 01, 2021 8:17 am

Pippin wrote:
Fri May 28, 2021 3:33 pm
Probably you use Lets Encrypt.
If so, select the synology certificate for VPN.
What do you mean? How could I select a different one? In the certificates tab of my NAS is only the synology one and me support told me that they get their certificates from Lets Encrypt.

skarpeta
OpenVpn Newbie
Posts: 4
Joined: Fri May 28, 2021 1:53 pm

Re: Push new certificate to VPN clients

Post by skarpeta » Tue Jun 01, 2021 8:19 am

TinCanTech wrote:
Fri May 28, 2021 2:04 pm
It is highly unlikely that you have certificates which expire every three months.

Look closely at the error message in your log for further details.
Well, I don't have the error anymore because I swapped the certificate in the VPN client config, but as you can see here at the point "Note" https://www.synology.com/en-uk/knowledg ... ertificate that the certificate is only valid for 90 days.

User avatar
TinCanTech
Forum Team
Posts: 9426
Joined: Fri Jun 03, 2016 1:17 pm

Re: Push new certificate to VPN clients

Post by TinCanTech » Tue Jun 01, 2021 10:38 am

Your issue is with Synology/LetsEncrypt not openvpn.

Openvpn cannot automatically distribute certificates for you.

skarpeta
OpenVpn Newbie
Posts: 4
Joined: Fri May 28, 2021 1:53 pm

Re: Push new certificate to VPN clients

Post by skarpeta » Tue Jun 01, 2021 12:35 pm

TinCanTech wrote:
Tue Jun 01, 2021 10:38 am
Your issue is with Synology/LetsEncrypt not openvpn.

Openvpn cannot automatically distribute certificates for you.
Thank you. Just wanted to be sure if there is no way to sync this.
I knew that it's no problem with OpenVPN, only asking if there is a way around it anybody here maybe knows.

Post Reply