Certificate changed

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
daniel.ebert
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 22, 2021 3:35 pm

Certificate changed

Post by daniel.ebert » Tue Jun 22, 2021 3:42 pm

Hello OpenVPN-Community,

I need help with my OpenVPN Server. I use a Synology Rackstation as a Server and my domain-name is certified with a Let's Encrypt certificate.

In the config I can export config files wich contain ca_bundle.crt, ca.crt and VPNConfig.ovpn. I use the ca_bundle.crt in my client config to connect and this just worked fine.

I think since my last certificate or VPNServer update something changed. The ca_bundle.crt isn't the same as before. Now any of my clients can connect because of the wrong certificate.

I can I go back to the last certificate files?

I have 25 Clients and it is a lot of work to update all certificate/configs and what can I do that this won't happen again.

Synology support isn't helpful, they only tell me that it's not possible.

Thank you all in advance!

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Certificate changed

Post by 300000 » Tue Jun 22, 2021 6:17 pm

Encrypt certificate give to you 2 years lifetime then when certificate expired you will have so much trouble. .you need to consider create your own certificate that is the best.

Your situation mix up now you can try old certificate to see if it work or you need to check the expired date maybe gone.

daniel.ebert
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 22, 2021 3:35 pm

Re: Certificate changed

Post by daniel.ebert » Tue Jun 22, 2021 7:49 pm

So the let's encrypt certificate expires every 3-5 months I think and I've always renewed it. So is there another expire date internal?

If I create my self how can I do it and when does it expire?

How can I reactivate the old certificate?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Certificate changed

Post by 300000 » Tue Jun 22, 2021 8:07 pm

If the old certificate not expire so you can use it . How do you renew client certificate? Just thinking do it yourself so you can deal with it in the future. .

When you create certificate you have 10 years so it is quite long and you will gain more experience hiw it work.

daniel.ebert
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 22, 2021 3:35 pm

Re: Certificate changed

Post by daniel.ebert » Tue Jun 22, 2021 9:05 pm

I only have the ca_bundle.crt and the ca.crt and I can not import it on the synology. The private key is missing.

In the client config only the Certificate authority is used. So isn't it possible to set new certificates but leave the Certificate authority certificate?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Certificate changed

Post by 300000 » Tue Jun 22, 2021 10:21 pm

if you dont know this will bring big mess up for you in the future.

Post Reply