(This guide assumes you're not living in the stoneages and are using 64bit centos)

  * yum update -y
  * yum install -y net-tools wget epel-release && yum install -y certbot vim
  * systemctl stop firewalld && systemctl disable firewalld
  * iptables -F
  * certbot certonly --standalone -d blah.tld
  * #get url from https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=CentOS
  * wget http://swupdate.openvpn.org/as/openvpn-as-2.x.x-CentOS7.x86_64.rpm
  * rpm -i openvpn-as-2.x.x-CentOS7.86_64.rpm
  * passwd openvpn
  * vim /etc/letsencrypt/init_openvpnas #see contents below
  * chmod a+x /etc/letsencrypt/init_openvpnas
  * /etc/letsencrypt/init_openvpnas
  * vim /etc/letsencrypt/upd_openvpnas #see contents below
  * chmod a+x /etc/letsencrypt/upd_openvpnas
  * vim /etc/crontab 
    * 41 3 * * * root /etc/letsencrypt/upd_openvpnas


====== init_openvpnas ======
/etc/letsencrypt/init_openvpnas
<code>
#!/bin/sh

DOMAIN="blah.tld"

/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"

systemctl restart openvpnas
</code>

====== upd_openvpnas ======
/etc/letsencrypt/upd_openvpnas
<code>
#!/bin/sh

DOMAIN="blah.tld"

SHA=`sha1sum /etc/letsencrypt/live/$DOMAIN/fullchain.pem | cut -d " " -f 1`

certbot renew -n --standalone --pre-hook "systemctl stop openvpnas" --post-hook "systemctl start openvpnas" --agree-tos >/dev/null 2>/dev/null

NEWSHA=`sha1sum /etc/letsencrypt/live/$DOMAIN/fullchain.pem | cut -d " " -f 1`

[ "$NEWSHA" = "$SHA" ] && exit 0

/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"

systemctl restart openvpnas
</code>