Skip to main content

Using Let's Encrypt with OpenVPN

Basically follow the instructions to install certbot for ubuntu from Certbot (eff.org)

Note that it uses snap to install certbot, not some bespoke apt repo

There's only 2 things you need to worry about, because snapd is already installed at part of openvpn / ubuntu:

 

Install Certbot

sudo snap install --classic certbot

Create a symbolic link

sudo ln -s /snap/bin/certbot /usr/bin/certbot

This is where we can depart the normal process, and create the lets encrypt certs.

run the following command and follow the prompts

sudo certbot certonly --standalone --preferred-challenges http -d vpnserver.yourdomain.com

Finally install the certificates in the website, using the web interface 

 

Automation

 

I haven't tried this myself, but you should be able to automate this by creating a file with the  following ( remember to chmod it with +x)

#!/bin/bash

certbot renew — standalone

sleep 1m

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/example.com/privkey.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/example.com/fullchain.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli start

 

and set it up as a chron job to run every 2nd month

ie 

0 0 1 */2 * /usr/local/sbin/letsencryptrenewal.sh

 

Tricks to know 

1) The certbot application makes available a file for pickup by a validation process.  So, you need make sure that port 80 is open for this validation to occur 

2) When you installed openvpn, it's likely the server CN is different to what you want it to be, you need to update it, update it from:

  • Configuration 
  • Network Settings
  • Hostname or IP Address    

 

Comments

Popular posts from this blog

Javascript Form Validation

It's real simple. All you need to do is call a javascript function in a html  " onsubmit " in the form tag as a javascript return, like this       <form method="post" action="dosomething.php" onsubmit="return validateForm();"> If the code completes ok, the form is then sent to the page listed in "action" http://www.w3schools.com/js/js_form_validation.asp If the function specified in the onsubmit returns false, then the form is not sent to the page mentioned in action.