Push new certificate to VPN clients

Posted: Fri May 28, 2021 1:54 pm
by skarpeta
I've got a Synology NAS on which I host a VPN server with OpenVPN. The default certificate by Synology renews (has to be renewed) every 3 months.

What happens is that every three months all of the VPN clients can't connect anymore because the certificate in the config is outdated.
Is there a way to simultaneously update those certificates or link them somehow so that all clients have the correct one every time?
I know I could just switch to a different certificate with a longer time period, but that would just shift the problem to a later time.

Re: Push new certificate to VPN clients

Posted: Fri May 28, 2021 2:04 pm
by TinCanTech
It is highly unlikely that you have certificates which expire every three months.

Look closely at the error message in your log for further details.

Re: Push new certificate to VPN clients

Posted: Fri May 28, 2021 3:33 pm
by Pippin
Probably you use Let's Encrypt.
If so, select the Synology certificate for VPN.

Re: Push new certificate to VPN clients

Posted: Tue Jun 01, 2021 8:17 am
by skarpeta
Pippin wrote:
Fri May 28, 2021 3:33 pm
Probably you use Let's Encrypt.
If so, select the Synology certificate for VPN.
What do you mean? How could I select a different one? In the certificates tab of my NAS there is only the Synology one, and support told me that they get their certificates from Let's Encrypt.

Re: Push new certificate to VPN clients

Posted: Tue Jun 01, 2021 8:19 am
by skarpeta
TinCanTech wrote:
Fri May 28, 2021 2:04 pm
It is highly unlikely that you have certificates which expire every three months.

Look closely at the error message in your log for further details.
Well, I don't have the error anymore because I swapped the certificate in the VPN client config, but as you can see here under "Note", https://www.synology.com/en-uk/knowledg ... ertificate, the certificate is only valid for 90 days.

Re: Push new certificate to VPN clients

Posted: Tue Jun 01, 2021 10:38 am
by TinCanTech
Your issue is with Synology/Let's Encrypt, not OpenVPN.

OpenVPN cannot automatically distribute certificates for you.

Re: Push new certificate to VPN clients

Posted: Tue Jun 01, 2021 12:35 pm
by skarpeta
TinCanTech wrote:
Tue Jun 01, 2021 10:38 am
Your issue is with Synology/Let's Encrypt, not OpenVPN.

OpenVPN cannot automatically distribute certificates for you.
Thank you. I just wanted to be sure that there is no way to sync this.
I knew that it's not a problem with OpenVPN; I was only asking if there is a way around it that anybody here maybe knows.