OpenVPN Connect complains letsencrypt certificate

vicn1222
OpenVPN User
Posts: 25
Joined: Mon Jul 12, 2021 2:31 pm

OpenVPN Connect complains letsencrypt certificate

Post by vicn1222 » Sat Oct 22, 2022 9:29 pm

Hi,

I have set up a website with a letsencrypt certificate installed.

When I try to import the profile via URL, I fill in https://mysitename.com and click "NEXT". It pops up a dialog saying "Certificate error", and asks to Reject or Accept. See attached screenshot below.

Screenshot removed by Pippin.

The website certificate is valid.

I searched around, and saw people use commands like /usr/local/openvpn_as/scripts/confdba. However, my machine doesn't have the /usr/local/openvpn_as directory.

Can someone help on this?

Many thanks!

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN Connect complains letsencrypt certificate

Post by Pippin » Sat Oct 22, 2022 10:16 pm

Hi,

Would you mind changing the url in your screenshot?
I already changed the url in your post (and previous post also).

Thanks.

vicn1222
OpenVPN User
Posts: 25
Joined: Mon Jul 12, 2021 2:31 pm

Re: OpenVPN Connect complains letsencrypt certificate

Post by vicn1222 » Sun Oct 23, 2022 1:43 am

Pippin wrote: Sat Oct 22, 2022 10:16 pm
> Hi,
>
> Would you mind changing the url in your screenshot?
> I already changed the url in your post (and previous post also).
>
> Thanks.

Sure, thank you.

I looked for other websites that use letsencrypt. When I enter their URLs, they all show an invalid certificate, except https://nginx.org/. I know they are not openvpn sites. I just want to see how they behave.

I wonder how nginx.org generates its letsencrypt certificate. I followed the instructions at https://certbot.eff.org/instructions?ws ... entosrhel7. All browsers show a good certificate. However, openvpn complains it is invalid.

Below is the way I generated the certificate.

sudo certbot certonly --apache

vicn1222
OpenVPN User
Posts: 25
Joined: Mon Jul 12, 2021 2:31 pm

Re: OpenVPN Connect complains letsencrypt certificate

Post by vicn1222 » Sun Oct 23, 2022 4:03 pm

I asked letsencrypt for help. Below is the response from letsencrypt.

Is this issue easy to fix?

Thank you openvpn inc!

First: I think OpenVPN Connect is wrong for claiming the certificate chain is self-signed. It does not match the validation behavior of other clients like browsers.

The default certificate bundle that Let's Encrypt suggests is:

mysitename.com ← R3 ← ISRG Root X1

Usually including the "ISRG Root X1" root would not be necessary, but it is included in order to address compatibility issues with older Android devices.

It seems that OpenVPN connect is detecting that bundled "ISRG Root X1" certificate as self-signed.
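
To check what the Let's Encrypt reply describes, the following added example (not part of the thread, and not OpenVPN or Let's Encrypt code) uses the openssl CLI to list every certificate in a PEM bundle and mark the ones whose subject equals their issuer. The function names and the constructed test chain (Example Root, Example Intermediate) are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Sample names (Example Root, Example Intermediate) are constructed.

# chain_report BUNDLE: one line per certificate in the PEM bundle, in file order:
#   <index> <self-issued|issued> subject=<DN> issuer=<DN>
# "self-issued" means subject == issuer, which is how a root in the bundle shows up.
chain_report() {
    bundle=$1
    tmp=$(mktemp -d) || return 1
    # Split the bundle into cert-1.pem, cert-2.pem, ... (one certificate each).
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    i=1
    while [ -f "$tmp/cert-$i.pem" ]; do
        subj=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        if [ "$subj" = "$iss" ]; then kind=self-issued; else kind=issued; fi
        printf '%s %s subject=%s issuer=%s\n' "$i" "$kind" "$subj" "$iss"
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# count_self_issued BUNDLE: how many certificates in the bundle are self-issued.
count_self_issued() {
    chain_report "$1" | awk '$2 == "self-issued"' | wc -l | tr -d ' '
}

# issue DIR NAME CN SIGNER: constructed test certificate NAME signed by SIGNER.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# make_sample_bundle DIR: writes DIR/fullchain.pem as leaf, intermediate, root.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    issue "$1" int "Example Intermediate" root &&
    issue "$1" leaf "mysitename.com" int &&
    cat "$1/leaf.pem" "$1/int.pem" "$1/root.pem" > "$1/fullchain.pem"
}

# Usage against a real bundle: sh chain_report.sh /path/to/fullchain.pem
if [ "$#" -ge 1 ]; then chain_report "$1"; fi
```

Run against the fullchain.pem that the web server actually serves, the report shows whether a certificate with identical subject and issuer is being sent alongside the leaf and intermediate.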
