
Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Mon Aug 09, 2021 2:35 pm
by ioannis
Hi All,

I am having some difficulties with my OpenVPN server and I would appreciate it if anyone could help me.

I was using OpenVPN version 2.8.8 and have now updated it to 2.9.3.
I had installed a "Let's Encrypt" certificate, which has been replaced by the OpenVPN default certificate.
Now when I open the Web GUI, the browser informs me that the certificate issuer is not trusted.

Fortunately, I have a snapshot of OpenVPN 2.8.8, so going back if any information is needed is an option.
Could someone help me with how to apply a "Let's Encrypt" certificate on OpenVPN 2.9.3?

Thank you in advance,
Ioannis

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Tue Aug 10, 2021 8:38 am
by openvpn_inc
Hello ioannis,

You need a script that loads your Let's Encrypt certificates into the Access Server configuration database. These commands should serve as an example:

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/blabla.com/privkey.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/blabla.com/cert.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/blabla.com/chain.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

Note that if the certificate is loaded but it doesn't show as trusted, you need to figure out what you're missing to make that trust complete successfully.

Kind regards,
Johan

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Tue Aug 10, 2021 1:26 pm
by ioannis
Thank you openvpn_inc,

Running these commands did the trick.
Now I would like to run these commands (and a few more) after certification renewal in order to apply the new certificate.
When I first created the certificate, I used:
sudo certbot certonly --post-hook 'sudo service openvpnas start'.........
Now how do I add these commands to post-hook?

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Wed Aug 11, 2021 11:09 am
by openvpn_inc
Hello ioannis,

Simply create a bash script file that contains all the necessary commands to load the certificates into Access Server and then reload Access Server with sacli start, just like in the sample code I gave you, and then call that script as post-hook from certbot. Sacli start is by the way enough to reload changed web certificates.

Kind regards,
Johan
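
One way to write the script described above, as an added example that is not from the thread or from OpenVPN Inc. It reuses the sacli keys and the blabla.com path from the earlier post; the script file name, the SACLI override variable and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Usage (script path is an assumption):
#   certbot renew --post-hook '/usr/local/sbin/as-load-cert.sh /etc/letsencrypt/live/blabla.com'
set -u

# sacli path from the thread; overridable so the script can be dry-run.
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"

# Succeed only if the file is readable, non-empty and contains a PEM block.
check_pem() {
    [ -r "$1" ] && [ -s "$1" ] && grep -q -- '-----BEGIN ' "$1"
}

# Load key, cert and chain from a certbot live directory, then reload.
load_as_cert() {
    local live="$1" pair key file
    # Validate all three files first so a partial set is never loaded.
    for file in privkey.pem cert.pem chain.pem; do
        check_pem "$live/$file" || { echo "bad or missing $live/$file" >&2; return 1; }
    done
    # Config key -> file mapping exactly as in the thread.
    for pair in cs.priv_key:privkey.pem cs.cert:cert.pem cs.ca_bundle:chain.pem; do
        key="${pair%%:*}"; file="${pair#*:}"
        "$SACLI" --key "$key" --value_file "$live/$file" ConfigPut \
            || { echo "ConfigPut $key failed" >&2; return 1; }
    done
    # Reload the web service only after every ConfigPut succeeded.
    "$SACLI" start
}

# Run only when the live directory is passed as the first argument.
if [ "$#" -gt 0 ]; then
    load_as_cert "$1"
fi
```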

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Wed Aug 11, 2021 11:35 am
by ioannis
ok!
Thank you very much for your assistance!

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Fri Aug 13, 2021 4:01 am
by Danran
ioannis wrote:
Mon Aug 09, 2021 2:35 pm
Hi All,

I am having some difficulties with my OpenVPN server and I would appreciate it if anyone could help me.

I was using OpenVPN version 2.8.8 and have now updated it to 2.9.3.
I had installed a "Let's Encrypt" certificate, which has been replaced by the OpenVPN default certificate.
Now when I open the Web GUI, the browser informs me that the certificate issuer is not trusted.

Fortunately, I have a snapshot of OpenVPN 2.8.8, so going back if any information is needed is an option.
Could someone help me with how to apply a "Let's Encrypt" certificate on OpenVPN 2.9.3?

Thank you in advance,
Ioannis
As far as I know, OpenVPN Access Server comes installed with self-signed certificates. Which raises the question, HOW DID YOU INSTALL YOUR WEB INTERFACE CERTIFICATES IN THE FIRST PLACE? Very curious why you can't just repeat your initial steps.

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Fri Aug 13, 2021 4:03 am
by Danran
ioannis wrote:
Wed Aug 11, 2021 11:35 am
ok!
Thank you very much for your assistance!
So others can use this question/answers for reference, would you mind posting the full list of commands and steps you took in order to solve this issue? I am trying to do the exact same thing, but don't even know how to get the initial letsencrypt certificates. So even posting those steps would be of great help! Thanks!

Re: Let's encrypt Certificate on OpenVPN 2.9.3

Posted: Sat Aug 21, 2021 3:48 pm
by Danran
ioannis wrote:
Wed Aug 11, 2021 11:35 am
ok!
Thank you very much for your assistance!
Could you take a look at this post (viewtopic.php?f=24&t=32837) and help me fill out the answer by replying about how you solved this issue here in this thread?