OpenVPN Access Server Letsencrypt
# OpenVPN Let's Encrypt first run config file (first_run.ini, passed to certbot with --config)
# https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
# cert-name is optional; left unset, certbot names the lineage after the first domain
# cert-name =
authenticator = standalone
# tls-sni-01 (standalone-supported-challenges) was retired by Let's Encrypt in 2019;
# standalone now answers http-01, so port 80 on this host must be reachable from the internet
preferred-challenges = http
non-interactive = True
rsa-key-size = 4096
email = [email protected]
domains = vpn.server.com
agree-tos = True
# Stop Access Server while the standalone listener binds, start it again afterwards
pre-hook = service openvpnas stop
post-hook = service openvpnas start
#!/bin/sh
# first_run.sh
# https://certbot.eff.org/#ubuntutrusty-other
# https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
# Either run with sudo, or sudo -s and then run.
# FIRST_RUN_DIR is the directory this script is run from; first_run.ini needs to be in the same directory.
FIRST_RUN_DIR="/first__run_directory/"
# Must match the "domains" line in first_run.ini; certbot names the live/ directory after it
DOMAIN="vpn.server.com"
set -e
apt-get update
apt-get install -y software-properties-common
# Note: the certbot PPA has since been discontinued; see https://certbot.eff.org/ for current install instructions
add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get install -y certbot
certbot certonly --config "${FIRST_RUN_DIR%/}/first_run.ini"
# Update OpenVPN's db
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "$(cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem)"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "$(cat /etc/letsencrypt/live/$DOMAIN/privkey.pem)" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "$(cat /etc/letsencrypt/live/$DOMAIN/cert.pem)"
# The post-hook started the service before the db was updated; restart so the new certificate is actually served
service openvpnas restart
#!/bin/sh
# https://www.sideras.net/lets-encrypt-https-certificates-for-openvpn-as-access-server/
# Update the ini file name with the host name of the server
# Must match the "domains" line in the ini file; certbot names the live/ directory after it
DOMAIN="vpn.server.com"
set -e
certbot renew --config vpn.server.ini
# Update OpenVPN's db (note: this runs on every invocation, even when certbot renewed nothing)
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "$(cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem)"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "$(cat /etc/letsencrypt/live/$DOMAIN/privkey.pem)" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "$(cat /etc/letsencrypt/live/$DOMAIN/cert.pem)"
# Restart so the running service picks up the new certificate
service openvpnas restart
# OpenVPN Let's Encrypt config file (the vpn.server.ini used by the renew script)
# Variables
domains = vpn.server.com
email = [email protected]
cert-name = Cert_Name
# Non-volatile parameters
quiet = True
rsa-key-size = 4096
non-interactive = True
authenticator = standalone
# tls-sni-01 (standalone-supported-challenges) was retired by Let's Encrypt in 2019; use http-01 (port 80)
preferred-challenges = http
# deploy-hook is run by certbot only after a successful renewal; point it at a script that loads
# the new certificate into Access Server, or leave it commented out and do that in the renew script
# deploy-hook =
agree-tos = True
keep-until-expiring = True
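The renew script above pushes the certificate into the Access Server database and restarts the service on every run, and the config file leaves deploy-hook empty. A deploy hook is the better place for that work: certbot runs it only after an actual renewal and tells it where the new files are through the RENEWED_LINEAGE environment variable. The script below is an added example written for this page; it is not part of the gist or of OpenVPN's own tooling. It assumes the confdba path used throughout the gist and a "service openvpnas restart" (both overridable through CONFDBA and RESTART_CMD, which are names chosen here), refuses to touch the database unless all three PEM files exist and the private key actually matches the certificate, and only installs anything when certbot has set RENEWED_LINEAGE.

```shell
#!/bin/sh
# Added example: certbot deploy hook for OpenVPN Access Server (not from the gist).
# certbot runs deploy hooks with RENEWED_LINEAGE=/etc/letsencrypt/live/<cert-name>
# after a successful issuance or renewal, so nothing below runs on a no-op renew.
set -eu

# Assumed locations/commands (same confdba path as the gist); override via environment.
CONFDBA="${CONFDBA:-/usr/local/openvpn_as/scripts/confdba}"
RESTART_CMD="${RESTART_CMD:-service openvpnas restart}"

# Return 0 only when the private key's public half equals the certificate's public key.
# Installing a mismatched pair would leave the web/VPN listener unable to start.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Push fullchain/cert/privkey from one certbot lineage directory into the AS config db.
# Fails closed (returns 1) if a file is missing/empty or the key does not match the cert.
install_lineage() {
    lineage="$1"
    for f in fullchain.pem privkey.pem cert.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done
    cert_matches_key "$lineage/cert.pem" "$lineage/privkey.pem" \
        || { echo "private key does not match certificate, not installing" >&2; return 1; }
    "$CONFDBA" -mk cs.ca_bundle -v "$(cat "$lineage/fullchain.pem")"
    "$CONFDBA" -mk cs.cert -v "$(cat "$lineage/cert.pem")"
    # Key material goes on the command line here, so keep confdba's echo out of logs.
    "$CONFDBA" -mk cs.priv_key -v "$(cat "$lineage/privkey.pem")" >/dev/null
}

# Entry point when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_lineage "$RENEWED_LINEAGE"
    $RESTART_CMD
fi
```

Install it as, for instance, deploy-hook = /usr/local/sbin/openvpnas-deploy.sh (path chosen here) in the ini file, and the renew script shrinks to a bare "certbot renew --config vpn.server.ini". One caveat the gist inherits: confdba -v takes the private key as a command-line argument, which is briefly visible to other local users in the process list; newer Access Server releases document sacli with --value_file for ConfigPut, which reads the PEM from disk instead, so check which your version supports.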
Thanks for posting this. It got me on the right track.

It looks like you have a typo in first_run.sh: certbot certonly --config $FIRST_RUN_DIR && first_run.ini should be certbot certonly --config "$FIRST_RUN_DIR"/first_run.ini

Also, it looks like you can simply pass the full path of the certs now:

Then you have to run systemctl restart openvpnas.service