OpenVPN Support Forum

Hello OpenVPN-Community,

I need help with my OpenVPN Server. I use a Synology Rackstation as a Server and my domain-name is certified with a Let's Encrypt certificate.

In the config I can export config files wich contain ca_bundle.crt, ca.crt and VPNConfig.ovpn. I use the ca_bundle.crt in my client config to connect and this just worked fine.

I think since my last certificate or VPNServer update something changed. The ca_bundle.crt isn't the same as before. Now any of my clients can connect because of the wrong certificate.

I can I go back to the last certificate files?

I have 25 Clients and it is a lot of work to update all certificate/configs and what can I do that this won't happen again.

Synology support isn't helpful, they only tell me that it's not possible.

Thank you all in advance!

Encrypt certificate give to you 2 years lifetime then when certificate expired you will have so much trouble. .you need to consider create your own certificate that is the best.

Your situation mix up now you can try old certificate to see if it work or you need to check the expired date maybe gone.

So the let's encrypt certificate expires every 3-5 months I think and I've always renewed it. So is there another expire date internal?

If I create my self how can I do it and when does it expire?

How can I reactivate the old certificate?

If the old certificate not expire so you can use it . How do you renew client certificate? Just thinking do it yourself so you can deal with it in the future. .

When you create certificate you have 10 years so it is quite long and you will gain more experience hiw it work.

I only have the ca_bundle.crt and the ca.crt and I can not import it on the synology. The private key is missing.

In the client config only the Certificate authority is used. So isn't it possible to set new certificates but leave the Certificate authority certificate?

if you dont know this will bring big mess up for you in the future.