Renewing SSL Certificate on OpenVPN Server

From Apoyar Wiki
Revision as of 10:29, 7 September 2023 by Admin (talk | contribs)

Log in to the OpenVPN server from jupiter (10.0.1.55, using the neal user and the apoyar key).

systemctl stop openvpnas

systemctl status openvpnas

certbot certonly --force-renewal --standalone --non-interactive --agree-tos --email support@apoyar.eu --domains sslvpn.apoyar.net --pre-hook 'sudo service openvpnas stop' --post-hook 'sudo service openvpnas start'

If the command above fails with an error about port 80, we have to kill the process that is running on that port.

To check which services are running on which ports, run the command below:

netstat -anpt | grep LISTEN

Check the output, kill the process, and then run the certbot command again. Once the command has executed, note the certificate and key file details it reports, put those paths into the two commands below, and execute them:

ln -s -f "<certificate path>" /usr/local/openvpn_as/etc/web-ssl/server.crt

ln -s -f "<keyfile path>" /usr/local/openvpn_as/etc/web-ssl/server.key

cd /usr/local/openvpn_as/scripts

./sacli stop

./sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/privkey.pem" ConfigPut

./sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/sslvpn.apoyar.net/fullchain.pem" ConfigPut

./sacli start


reboot
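
For the port 80 check described above, an added example (not part of the original wiki page) that filters `netstat -anpt` output down to the exact process listening on a given port, so that `:8080` or an established connection is not mistaken for the listener blocking certbot. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify what holds TCP port 80 before running
# certbot --standalone. Reads `netstat -anpt` output on stdin.

# listeners_on_port PORT
# Prints "PID/program<TAB>local-address" for each LISTEN socket whose
# local port is exactly PORT (so :8080 or :180 never match port 80).
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")   # port is the last ":" field (IPv4 and :::80)
            if (parts[n] == port) {
                prog = $7
                for (i = 8; i <= NF; i++) prog = prog " " $i   # names may contain spaces
                printf "%s\t%s\n", prog, addr
            }
        }'
}

# port_is_free PORT: succeeds when nothing in the input listens on PORT.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed sample of `netstat -anpt` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1490/nginx: master
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2210/python3
tcp        0      0 10.0.0.5:443            203.0.113.7:51522       ESTABLISHED 1733/openvpnas
tcp6       0      0 :::80                   :::*                    LISTEN      1490/nginx: master
EOF
}

# On the server: netstat -anpt | listeners_on_port 80
sample_netstat | listeners_on_port 80
```

On the server, pipe the real output in (`netstat -anpt | listeners_on_port 80`); the PID before the slash is the process to stop before retrying certbot.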