(This guide assumes you're not living in the stoneages and are using 64bit centos)

yum update -y
yum install -y net-tools wget epel-release && yum install -y certbot vim
systemctl stop firewalld && systemctl disable firewalld
iptables -F
certbot certonly –standalone -d blah.tld
#get url from https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=CentOS
wget http://swupdate.openvpn.org/as/openvpn-as-2.x.x-CentOS7.x86_64.rpm
rpm -i openvpn-as-2.x.x-CentOS7.86_64.rpm
passwd openvpn
vim /etc/letsencrypt/init_openvpnas #see contents below
chmod a+x /etc/letsencrypt/init_openvpnas
/etc/letsencrypt/init_openvpnas
vim /etc/letsencrypt/upd_openvpnas #see contents below
chmod a+x /etc/letsencrypt/upd_openvpnas
vim /etc/crontab
- 41 3 * * * root /etc/letsencrypt/upd_openvpnas

init_openvpnas

/etc/letsencrypt/init_openvpnas

#!/bin/sh

DOMAIN="blah.tld"

/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"

systemctl restart openvpnas

upd_openvpnas

/etc/letsencrypt/upd_openvpnas

#!/bin/sh

DOMAIN="blah.tld"

SHA=`sha1sum /etc/letsencrypt/live/$DOMAIN/fullchain.pem | cut -d " " -f 1`

certbot renew -n --standalone --pre-hook "systemctl stop openvpnas" --post-hook "systemctl start openvpnas" --agree-tos >/dev/null 2>/dev/null

NEWSHA=`sha1sum /etc/letsencrypt/live/$DOMAIN/fullchain.pem | cut -d " " -f 1`

[ "$NEWSHA" = "$SHA" ] && exit 0

/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"

systemctl restart openvpnas