I got a synology NAS on which I host a VPN Server with OpenVPN. The default certificate by synology renews (has to be renewed) every 3 months.
What happens is that every three months all of the vpn clients can't connect anymore because the certificate in the config is outdated.
Is there a way to simultaneously update those certificates or link them somehow that all clients have the correct one every time?
I know I cloud just switch to a different certificate with longer time period, but that would just shift the problem to a later time.
Push new certificate to VPN clients
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri May 28, 2021 1:53 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Push new certificate to VPN clients
It is highly unlikely that you have certificates which expire every three months.
Look closely at the error message in your log for further details.
Look closely at the error message in your log for further details.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Push new certificate to VPN clients
Probably you use Lets Encrypt.
If so, select the synology certificate for VPN.
If so, select the synology certificate for VPN.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri May 28, 2021 1:53 pm
Re: Push new certificate to VPN clients
What do you mean? How could I select a different one? In the certificates tab of my NAS is only the synology one and me support told me that they get their certificates from Lets Encrypt.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri May 28, 2021 1:53 pm
Re: Push new certificate to VPN clients
Well, I don't have the error anymore because I swapped the certificate in the VPN client config, but as you can see here at the point "Note" https://www.synology.com/en-uk/knowledg ... ertificate that the certificate is only valid for 90 days.TinCanTech wrote: ↑Fri May 28, 2021 2:04 pmIt is highly unlikely that you have certificates which expire every three months.
Look closely at the error message in your log for further details.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Push new certificate to VPN clients
Your issue is with Synology/LetsEncrypt not openvpn.
Openvpn cannot automatically distribute certificates for you.
Openvpn cannot automatically distribute certificates for you.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri May 28, 2021 1:53 pm
Re: Push new certificate to VPN clients
Thank you. Just wanted to be sure if there is no way to sync this.TinCanTech wrote: ↑Tue Jun 01, 2021 10:38 amYour issue is with Synology/LetsEncrypt not openvpn.
Openvpn cannot automatically distribute certificates for you.
I knew that it's no problem with OpenVPN, only asking if there is a way around it anybody here maybe knows.