Skip to content

Instantly share code, notes, and snippets.

@asasuou
Forked from HighMacGuy/first_run.ini
Created November 26, 2020 03:47
Show Gist options
  • Save asasuou/e1670bd888ffce6913f6c7da98863502 to your computer and use it in GitHub Desktop.
Save asasuou/e1670bd888ffce6913f6c7da98863502 to your computer and use it in GitHub Desktop.
OpenVPN Access Server Letsencrypt
# OpenVPN Let's Encrypt first run config file
#https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
cert-name=
authenticator = standalone
standalone-supported-challenges = tls-sni-01
non-interactive = True
rsa-key-size = 4096
email = "[email protected]"
domains = "vpn.server.com"
agree-tos = True
pre-hook = 'service openvpnas stop'
post-hook = 'service openvpnas start'
#!/bin/sh
#https://certbot.eff.org/#ubuntutrusty-other
#https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
#Either run as sudo or sudo -s then run
#This is the directory from which the first run script will be ran. The first_run.ini file needs to be in the same directory
FIRST_RUN_DIR="/first__run_directory/"
apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get install certbot
apt-get update
certbot certonly --config $FIRST_RUN_DIR && first_run.ini
#Update OpenVPN's db
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"
#!/bin/sh
# https://www.sideras.net/lets-encrypt-https-certificates-for-openvpn-as-access-server/
#Update ini file name with the host name of the server
certbot renew --config vpn.server.ini
#Update OpenVPN's db
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"
# OpenVPN Let's Encrypt config file
# Variables
domains = vpn.server.com
email = [email protected]
cert-name = Cert_Name
# Non-volatile parameters
quiet = True
rsa-key-size - 4096
non-interactive = True
authenticator = standalone
standalone-supported-challenges = tls-sni-01
deploy-hook =
agree-tos = True
keep-until-expiring = True
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment