Let's Encrypt works with OpenVPN Connect, but not Tunnelblick nor OpenVPN command line

Posted: Wed Sep 11, 2019 8:56 am
by alfredballe
I'm running the following configuration on an OpenVPN server (open source):

Code:

port 443

proto tcp

dev tun

ca /etc/letsencrypt/live/
cert /etc/letsencrypt/live/
key /etc/letsencrypt/live/

dh /home/alfredballe/dh2048.pem


topology subnet

ifconfig-pool-persist ipp.txt

push "topology subnet"
push "route-gateway"

keepalive 10 120


status openvpn-status.log

verb 5

verify-client-cert none

script-security 3
auth-user-pass-verify /etc/openvpn/ via-env
client-connect /etc/openvpn/

This works well with the OpenVPN Connect client, but fails with the OpenVPN command line and Tunnelblick.

Both clients that fail give an error similar to:

Code:

Wed Sep 11 10:50:29 2019 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Wed Sep 11 10:50:29 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Sep 11 10:50:29 2019 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep 11 10:50:29 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Sep 11 10:50:29 2019 TLS Error: TLS handshake failed