Renewing SSL Certificate on OpenVPN Server
Make sure certbot is not installed from the OS package manager.
Install Certbot using snap.
Invoke Certbot and generate the certificate:
Log in to the OpenVPN server from jupiter (10.0.1.55, using the neal user and the apoyar key).
systemctl stop openvpnas
systemctl status openvpnas
certbot certonly --force-renewal --standalone --non-interactive --agree-tos --email support@apoyar.eu --domains sslvpn.apoyar.net --pre-hook 'sudo service openvpnas stop' --post-hook 'sudo service openvpnas start'
If the command above fails with an error about port 80, the process listening on that port has to be killed first.
To check which services are listening on which ports, run the command below:
netstat -anpt | grep LISTEN
Check the output, kill the process, and then run the certbot command again. Once the command has executed, note the certificate and key file paths, substitute them into the two commands below, and execute them:
ln -s -f /path/to/certificate /usr/local/openvpn_as/etc/web-ssl/server.crt
ln -s -f /path/to/keyfile /usr/local/openvpn_as/etc/web-ssl/server.key
cd /usr/local/openvpn_as/scripts
./sacli stop
./sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/privkey.pem" ConfigPut
./sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/fullchain.pem" ConfigPut
./sacli start
reboot
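
A check worth running after certbot finishes and before the sacli ConfigPut commands above: confirm that the renewed private key belongs to the certificate and that the certificate is not close to expiry. This is an added example, not part of the original runbook; the function name check_renewed_pair, its exit codes and the 30-day default are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original runbook): verify a renewed
# certificate/key pair before loading it into OpenVPN Access Server.
# Usage: ./check_pair.sh CERT KEY [MIN_DAYS]
#   exit 0 = pair is good, 2 = unreadable file, 3 = key mismatch,
#   4 = certificate expires within MIN_DAYS (default 30, an assumption)

check_renewed_pair() {
    cert=$1
    key=$2
    min_days=${3:-30}

    # With a fullchain.pem, openssl x509 reads the first certificate,
    # which is the server (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2
        return 2
    }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2
        return 2
    }

    # Both commands emit the public key as PEM; the text must be identical.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi

    # -checkend returns non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi

    echo "certificate and key match; valid for more than $min_days days"
    return 0
}

# Run the check only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    check_renewed_pair "$@"
fi
```

On this server the arguments would be the fullchain.pem and privkey.pem paths used in the ConfigPut commands; a non-zero exit means the new files should not be loaded.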