Renewing SSL Certificate on OpenVPN Server

From Apoyar Wiki
Revision as of 05:59, 29 March 2022 by Admin (talk | contribs) (Created page with "Make sure certbot is not installed by OS packaging Install CertBot using Snap Invoke CertBot and generate the cert: systemctl stop openvpnas systemctl status openvpnas certbot certonly \ --force-renewal \ --standalone \ --non-interactive \ --agree-tos \ --email support@apoyar.eu \ --domains sslvpn.apoyar.net \ --pre-hook 'sudo service openvpnas stop' \ --post-hook 'sudo service openvpnas start' ln -s -f /certificate path /usr/local/openvpn_as/et...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Make sure certbot is not installed by OS packaging

Install CertBot using Snap

Invoke CertBot and generate the cert:

systemctl stop openvpnas

systemctl status openvpnas

certbot certonly \ 

 --force-renewal \
 --standalone \
 --non-interactive \	
 --agree-tos \
 --email support@apoyar.eu \
 --domains sslvpn.apoyar.net \
 --pre-hook 'sudo service openvpnas stop' \
 --post-hook 'sudo service openvpnas start'

ln -s -f /certificate path /usr/local/openvpn_as/etc/web-ssl/server.crt

ln -s -f /keyfile path /usr/local/openvpn_as/etc/web-ssl/server.key

cd /usr/local/openvpn_as/scripts

./sacli stop

./sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/privkey.pem" ConfigPut

./sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/fullchain.pem" ConfigPut

./sacli start


reboot

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Renewing_SSL_Certificate_on_OpenVPN_Server&oldid=225