
Let's Encrypt works with OpenVPN Connect, but not Tunnelblick nor OpenVPN command line

Posted: Wed Sep 11, 2019 8:56 am
by alfredballe
I'm running the following configuration on an OpenVPN server (open source):

Code:

port 443

proto tcp

dev tun

ca /etc/letsencrypt/live/easy-vpn.com/chain.pem
cert /etc/letsencrypt/live/easy-vpn.com/fullchain.pem
key /etc/letsencrypt/live/easy-vpn.com/privkey.pem

dh /home/alfredballe/dh2048.pem

server 10.8.0.0 255.255.255.0

topology subnet

ifconfig-pool-persist ipp.txt

push "topology subnet"
ifconfig 10.8.0.1 255.255.255.0
push "route-gateway 10.8.0.1"

keepalive 10 120

persist-key
persist-tun

status openvpn-status.log

verb 5

verify-client-cert none
username-as-common-name

script-security 3
auth-user-pass-verify /etc/openvpn/auth-user-pass-verify.py via-env
client-connect /etc/openvpn/client-connect.py

This works well with the OpenVPN Connect client, but fails with the OpenVPN command line and Tunnelblick.

Both clients that fail give an error similar to:

Code:

Wed Sep 11 10:50:29 2019 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Wed Sep 11 10:50:29 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Sep 11 10:50:29 2019 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep 11 10:50:29 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Sep 11 10:50:29 2019 TLS Error: TLS handshake failed
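The depth=1 error in the client log above can be reproduced offline with a constructed root -> intermediate -> leaf chain. This is an added example, not part of the original post; every certificate name and file name in it is invented. Depth 0 is the server certificate and depth 1 is its issuer, and the script checks the same presented chain against three different client trust files.

```shell
#!/bin/sh
# Constructed PKI: root -> intermediate -> leaf. Every name below is invented.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# selfsign NAME CN: self-signed CA certificate NAME.pem with key NAME.key
selfsign() {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$W/ca.cnf" -extensions v3_ca \
        -subj "/CN=$2" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
# issue NAME CN ISSUER [x509 options]: certificate NAME.pem signed by ISSUER
issue() {
    name=$1; cn=$2; ca=$3; shift 3
    openssl req -new -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=$cn" \
        -keyout "$W/$name.key" -out "$W/$name.csr" 2>/dev/null
    openssl x509 -req -in "$W/$name.csr" -CA "$W/$ca.pem" -CAkey "$W/$ca.key" \
        -set_serial 2 -out "$W/$name.pem" "$@" 2>/dev/null
}
selfsign root  "Constructed Root"
selfsign other "Unrelated Root"
issue int  "Constructed Intermediate" root -extfile "$W/ca.cnf" -extensions v3_ca
issue leaf "vpn.example.test" int

# The server presents leaf + intermediate (the content of a fullchain.pem).
# $1 names the file the client trusts, i.e. what its "ca" directive points at.
client_verifies() {
    openssl verify -CAfile "$W/$1.pem" -untrusted "$W/int.pem" "$W/leaf.pem" \
        > "$W/verify.log" 2>&1
}
for trust in root int other; do
    if client_verifies "$trust"; then echo "ca=$trust: OK"
    else echo "ca=$trust: FAILED"; grep 'depth lookup' "$W/verify.log" || true; fi
done
```

Only the trust file holding the root that signed the intermediate verifies; the unrelated root fails at depth 1 with the same "unable to get local issuer certificate" text as the log above.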