Renewing SSL Certificate on OpenVPN Server: Difference between revisions
(Created page with "Make sure certbot is not installed by OS packaging Install CertBot using Snap Invoke CertBot and generate the cert: systemctl stop openvpnas systemctl status openvpnas certbot certonly \ --force-renewal \ --standalone \ --non-interactive \ --agree-tos \ --email support@apoyar.eu \ --domains sslvpn.apoyar.net \ --pre-hook 'sudo service openvpnas stop' \ --post-hook 'sudo service openvpnas start' ln -s -f /certificate path /usr/local/openvpn_as/et...") |
Latest revision as of 10:29, 7 September 2023
Log in to the OpenVPN server from jupiter (10.0.1.55, using the neal user and the apoyar key).
systemctl stop openvpnas
systemctl status openvpnas
certbot certonly --force-renewal --standalone --non-interactive --agree-tos --email support@apoyar.eu --domains sslvpn.apoyar.net --pre-hook 'sudo service openvpnas stop' --post-hook 'sudo service openvpnas start'
If the command above fails with an error about port 80, the process listening on that port has to be killed.
To see which services are listening on which ports, run the command below:
netstat -anpt | grep LISTEN
Find the process in that output, kill it, and run the certbot command again. Once the command has completed, note the certificate and key file details it reports, edit them into the two commands below, and run them:
ln -s -f /certificate path /usr/local/openvpn_as/etc/web-ssl/server.crt
ln -s -f /keyfile path /usr/local/openvpn_as/etc/web-ssl/server.key
cd /usr/local/openvpn_as/scripts
./sacli stop
./sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/privkey.pem" ConfigPut
./sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/fullchain.pem" ConfigPut
./sacli start
reboot
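Added example (not part of the original wiki page): two shell helpers for this procedure. One picks the port-80 listener out of the netstat output; the other confirms that the renewed certificate matches its private key and is not about to expire before it is loaded with sacli. The function names and the netstat sample are constructed for illustration, and openssl is assumed to be installed on the server.

```shell
#!/bin/sh
# Added example: checks around the certbot renewal. Function names are
# hypothetical; the paths in the usage comments are the ones used on this page.

# Read `netstat -anpt` output on stdin and print "PID program" for every
# socket listening on TCP port 80 exactly (":80" at the end of the local
# address, so :8080 or an address such as 10.0.0.80:443 is not reported).
port80_listeners() {
    awk '$6 == "LISTEN" && $4 ~ /:80$/ { split($7, p, "/"); print p[1], p[2] }' | sort -u
}

# Succeed only if the leaf certificate in $1 carries the public key of the
# private key in $2 and stays valid for at least $3 more days (default 7).
# Comparing public keys works for RSA and ECDSA keys alike.
cert_matches_key() {
    cmk_cert=$1 cmk_key=$2 cmk_days=${3:-7}
    cmk_a=$(openssl x509 -in "$cmk_cert" -noout -pubkey) || return 2
    cmk_b=$(openssl pkey -in "$cmk_key" -pubout) || return 2
    if [ "$cmk_a" != "$cmk_b" ]; then
        echo "certificate and private key do not belong together" >&2
        return 1
    fi
    if ! openssl x509 -in "$cmk_cert" -noout -checkend $((cmk_days * 86400)) >/dev/null; then
        echo "certificate expires within $cmk_days days" >&2
        return 1
    fi
}

# Constructed sample of `netstat -anpt | grep LISTEN` output (not from a real host).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      811/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1042/apache2
tcp        0      0 10.0.0.80:443           0.0.0.0:*               LISTEN      977/python3
tcp6       0      0 :::80                   :::*                    LISTEN      1042/apache2'

printf '%s\n' "$SAMPLE_NETSTAT" | port80_listeners    # prints: 1042 apache2

# On the server:
#   netstat -anpt | port80_listeners
#   cert_matches_key /etc/letsencrypt/live/sslvpn.apoyar.net/fullchain.pem \
#                    /etc/letsencrypt/live/sslvpn.apoyar.net/privkey.pem
```

Run as a non-root user, netstat shows "-" instead of PID/program, so run the port check with the same privileges used for the rest of the procedure.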