OpenVPN Access Server Letsencrypt
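```ini
# OpenVPN Let's Encrypt first run config file
# https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
# Certificate name; it becomes the directory name under /etc/letsencrypt/live/
cert-name=
authenticator = standalone
# tls-sni-01 is no longer offered by Let's Encrypt, so the standalone
# authenticator validates over http-01 (port 80 must be reachable)
preferred-challenges = http
non-interactive = True
rsa-key-size = 4096
email = "[email protected]"
domains = "vpn.server.com"
agree-tos = True
# Access Server is stopped while certbot's standalone listener runs, then started again
pre-hook = 'service openvpnas stop'
post-hook = 'service openvpnas start'
```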
```sh
#!/bin/sh
# https://certbot.eff.org/#ubuntutrusty-other
# https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
# Run as root: either with sudo, or from a `sudo -s` shell.

# Directory the first-run script is run from. The first_run.ini file needs to be in the same directory.
FIRST_RUN_DIR="/first__run_directory/"
# Directory name under /etc/letsencrypt/live/: the cert-name from
# first_run.ini, or the first domain when no cert-name is set.
DOMAIN="vpn.server.com"

apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
# Refresh the package index after adding the PPA, before installing from it
apt-get update
apt-get install certbot

# Stop here if issuance fails, so the confdba calls never read missing files
certbot certonly --config "${FIRST_RUN_DIR}first_run.ini" || exit 1

# Update OpenVPN's db
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "$(cat "/etc/letsencrypt/live/$DOMAIN/fullchain.pem")"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "$(cat "/etc/letsencrypt/live/$DOMAIN/privkey.pem")" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "$(cat "/etc/letsencrypt/live/$DOMAIN/cert.pem")"
```
```sh
#!/bin/sh
# https://www.sideras.net/lets-encrypt-https-certificates-for-openvpn-as-access-server/

# Directory name under /etc/letsencrypt/live/ (the cert-name, or the first domain)
DOMAIN="vpn.server.com"

# Update ini file name with the host name of the server
certbot renew --config vpn.server.ini || exit 1

# Update OpenVPN's db
/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "$(cat "/etc/letsencrypt/live/$DOMAIN/fullchain.pem")"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "$(cat "/etc/letsencrypt/live/$DOMAIN/privkey.pem")" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "$(cat "/etc/letsencrypt/live/$DOMAIN/cert.pem")"
```
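Both scripts above pass the output of `cat` straight to `confdba`, so a missing or empty PEM file would hand it an empty value for the live certificate or key. The following check is an added example, not part of the gist: `pem_ok`, `check_live_dir` and `load_into_as` are hypothetical helper names, while the `confdba` path and keys are the ones used on the page.

```shell
#!/bin/sh
# Added example (not from the gist): validate a certbot live directory
# before its contents are written to the Access Server config DB.
# pem_ok, check_live_dir and load_into_as are hypothetical helper names.
CONFDBA="${CONFDBA:-/usr/local/openvpn_as/scripts/confdba}"

# pem_ok FILE PATTERN: regular, non-empty file whose first line matches PATTERN
pem_ok() {
    [ -f "$1" ] && [ -s "$1" ] && head -n 1 "$1" | grep -q -- "$2"
}

# check_live_dir DIR: succeed only if all three PEM files look sane
check_live_dir() {
    dir=$1
    for f in fullchain.pem cert.pem; do
        pem_ok "$dir/$f" '^-----BEGIN CERTIFICATE-----' ||
            { echo "$f: missing, empty or not a PEM certificate" >&2; return 1; }
    done
    pem_ok "$dir/privkey.pem" '^-----BEGIN .*PRIVATE KEY-----' ||
        { echo "privkey.pem: missing, empty or not a PEM key" >&2; return 1; }
    # -L follows certbot's symlinks into archive/; columns 5-10 of the mode
    # string are the group and other permission bits.
    perms=$(ls -lLd "$dir/privkey.pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "privkey.pem: readable by group or other ($perms)" >&2; return 1; }
}

# load_into_as DIR: the page's three confdba calls, run only after validation
load_into_as() {
    check_live_dir "$1" || return 1
    "$CONFDBA" -mk cs.ca_bundle -v "$(cat "$1/fullchain.pem")" &&
    "$CONFDBA" -mk cs.priv_key -v "$(cat "$1/privkey.pem")" > /dev/null &&
    "$CONFDBA" -mk cs.cert -v "$(cat "$1/cert.pem")"
}
```

Call it as `load_into_as "/etc/letsencrypt/live/$DOMAIN"` in place of the three direct `confdba` lines; a non-zero exit leaves the config DB untouched.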
```ini
# OpenVPN Let's Encrypt config file
# Variables
domains = vpn.server.com
email = [email protected]
cert-name = Cert_Name
# Non-volatile parameters
quiet = True
rsa-key-size = 4096
non-interactive = True
authenticator = standalone
# tls-sni-01 is no longer offered by Let's Encrypt, so the standalone
# authenticator validates over http-01 (port 80 must be reachable)
preferred-challenges = http
deploy-hook =
agree-tos = True
keep-until-expiring = True
```