Skip to main content

Using Let's Encrypt with OpenVPN

Basically follow the instructions to install certbot for ubuntu from Certbot (eff.org)

Note that it uses snap to install certbot, not some bespoke apt repo

There's only 2 things you need to worry about, because snapd is already installed at part of openvpn / ubuntu:

 

Install Certbot

sudo snap install --classic certbot

Create a symbolic link

sudo ln -s /snap/bin/certbot /usr/bin/certbot

This is where we can depart the normal process, and create the lets encrypt certs.

run the following command and follow the prompts

sudo certbot certonly --standalone --preferred-challenges http -d vpnserver.yourdomain.com

Finally install the certificates in the website, using the web interface 

 

Automation

 

I haven't tried this myself, but you should be able to automate this by creating a file with the  following ( remember to chmod it with +x)

#!/bin/bash

certbot renew — standalone

sleep 1m

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/example.com/privkey.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/example.com/fullchain.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli start

 

and set it up as a chron job to run every 2nd month

ie 

0 0 1 */2 * /usr/local/sbin/letsencryptrenewal.sh

 

Tricks to know 

1) The certbot application makes available a file for pickup by a validation process.  So, you need make sure that port 80 is open for this validation to occur 

2) When you installed openvpn, it's likely the server CN is different to what you want it to be, you need to update it, update it from:

  • Configuration 
  • Network Settings
  • Hostname or IP Address    

 

Comments

Post a Comment

Popular posts from this blog

Fixing a https Cert in Windows

 I renewed a https cert today in Windows and had problems with the new Cert sticking in Windows It would add fine, without error, but would disappear when the IIS Server Certificates screen would refresh.  Open the Certificates in MMC (Local Machine) and inspecting the Web Hosting gave a clue, the new certificate was there, but with a key - the private key was missing.  Could be because the original certificate was created on a completely different machine and imported to this new server.  At any rate, a simple certutil command fixed it .  A tip I received from  SSL disappears from the certificate list on Windows server - SSL Certificates - Namecheap.com Key steps are:  Double-click the certificate and go to  Details  tab. In certificate details locate the  Serial Number  field, click on it and copy its value. Open Command Prompt, pressing  Win+R  and typing  cmd , then click  OK In the command prompt type: ...
Post a Comment
Read more

Ever need to reset a password in Bonobo Git Server ?

So, you've forgotten your password to bonobo git. Step 1: Get access to the sqlite file, probably called something like  Bonobo.Git.Server.db, sitting in the "wwwroot\Bonobo.Git.Server\App_Data" directory. Step 2: Using another tool, generate an md5 hash of your new desired password (as far as I know, sqlite does not have md5 capability) Step 3: Back in sqlite, using SQL, update the relevant user record, something like update User set Password = UPPER( 'thenewMD5hash') where Username = 'admin' ; Step 4: That's it, you are done, log in with your newly found password.
2 comments
Read more

Save Attachments in Outlook automatically

For years I have wanted something to do this, and finally found it. Worked perfectly for me in Outlook 2013  In the end it is so simple. Guide from http://www.pixelchef.net/content/rule-autosave-attachment-outlook and https://msdn.microsoft.com/en-us/library/ee814736.aspx Open the VBA IDE in Outlook. Alt-F11 will do this. Insert the following code to the Modules section. On the left side there is a tree, expand until you find Modules. Then, if there is not a Module item under Modules, create one by right clicking on Modules. Or right click and choose Insert -> Module. Now, paste the text below in the main VBA window. Close the VBA IDE. Create a Rule that calls the script. Tools -> Rules and Alerts -> New Rule... In the first screen of the new rule wizard, choose "Check messages when they arrive". In the second, you could specify certain criteria that the message must match. Tip: Try "with specific words in the message header" and ...
Post a Comment
Read more