Hello OpenVPN-Community,
I need help with my OpenVPN Server. I use a Synology Rackstation as a Server and my domain-name is certified with a Let's Encrypt certificate.
In the config I can export config files wich contain ca_bundle.crt, ca.crt and VPNConfig.ovpn. I use the ca_bundle.crt in my client config to connect and this just worked fine.
I think since my last certificate or VPNServer update something changed. The ca_bundle.crt isn't the same as before. Now any of my clients can connect because of the wrong certificate.
I can I go back to the last certificate files?
I have 25 Clients and it is a lot of work to update all certificate/configs and what can I do that this won't happen again.
Synology support isn't helpful, they only tell me that it's not possible.
Thank you all in advance!
Certificate changed
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Certificate changed
Encrypt certificate give to you 2 years lifetime then when certificate expired you will have so much trouble. .you need to consider create your own certificate that is the best.
Your situation mix up now you can try old certificate to see if it work or you need to check the expired date maybe gone.
Your situation mix up now you can try old certificate to see if it work or you need to check the expired date maybe gone.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jun 22, 2021 3:35 pm
Re: Certificate changed
So the let's encrypt certificate expires every 3-5 months I think and I've always renewed it. So is there another expire date internal?
If I create my self how can I do it and when does it expire?
How can I reactivate the old certificate?
If I create my self how can I do it and when does it expire?
How can I reactivate the old certificate?
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Certificate changed
If the old certificate not expire so you can use it . How do you renew client certificate? Just thinking do it yourself so you can deal with it in the future. .
When you create certificate you have 10 years so it is quite long and you will gain more experience hiw it work.
When you create certificate you have 10 years so it is quite long and you will gain more experience hiw it work.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jun 22, 2021 3:35 pm
Re: Certificate changed
I only have the ca_bundle.crt and the ca.crt and I can not import it on the synology. The private key is missing.
In the client config only the Certificate authority is used. So isn't it possible to set new certificates but leave the Certificate authority certificate?
In the client config only the Certificate authority is used. So isn't it possible to set new certificates but leave the Certificate authority certificate?
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Certificate changed
if you dont know this will bring big mess up for you in the future.