(This guide assumes you're not living in the stone ages and are using 64-bit CentOS)
- yum update -y
- yum install -y net-tools wget epel-release && yum install -y certbot vim
- systemctl stop firewalld && systemctl disable firewalld
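- iptables -F #together with the previous step this leaves the host with no firewall rules; restrict access upstream or add rules back afterwards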
- certbot certonly --standalone -d blah.tld
- rpm -i openvpn-as-2.x.x-CentOS7.x86_64.rpm
- passwd openvpn
- vim /etc/letsencrypt/init_openvpnas #see contents below
- chmod a+x /etc/letsencrypt/init_openvpnas
- /etc/letsencrypt/init_openvpnas
- vim /etc/letsencrypt/upd_openvpnas #see contents below
- chmod a+x /etc/letsencrypt/upd_openvpnas
- vim /etc/crontab #add the line below
- 41 3 * * * root /etc/letsencrypt/upd_openvpnas
init_openvpnas
/etc/letsencrypt/init_openvpnas
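#!/bin/sh
# Load the Let's Encrypt chain, private key and certificate for DOMAIN into the
# OpenVPN Access Server configuration via confdba, then restart the service.
# Intended to be run as root.
set -eu

DOMAIN="blah.tld"
LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"
CONFDBA="/usr/local/openvpn_as/scripts/confdba"

# Refuse to touch the configuration unless every input file is readable.
# A failing `cat` inside a command substitution would otherwise store an
# empty value and the restart below would bring the service up without a
# usable certificate.
for pem in fullchain.pem privkey.pem cert.pem; do
  if [ ! -r "$LIVE_DIR/$pem" ]; then
    printf '%s\n' "init_openvpnas: cannot read $LIVE_DIR/$pem" >&2
    exit 1
  fi
done

"$CONFDBA" -mk cs.ca_bundle -v "$(cat "$LIVE_DIR/fullchain.pem")"

# NOTE(review): -v places the whole private key on confdba's command line,
# where it is visible in the process list for the duration of the call. If
# your Access Server version documents a way to load the value from a file,
# prefer it. Output is discarded, presumably so the key is never echoed to a
# terminal or log.
"$CONFDBA" -mk cs.priv_key -v "$(cat "$LIVE_DIR/privkey.pem")" > /dev/null

"$CONFDBA" -mk cs.cert -v "$(cat "$LIVE_DIR/cert.pem")"

# The new values take effect once the service is restarted.
systemctl restart openvpnas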
upd_openvpnas
/etc/letsencrypt/upd_openvpnas
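#!/bin/sh
# Renewal job (run from root's crontab): ask certbot to renew, and only when
# the certificate chain on disk actually changed, push the new chain, key and
# certificate into OpenVPN Access Server and restart it.
set -eu

DOMAIN="blah.tld"
LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"
CONFDBA="/usr/local/openvpn_as/scripts/confdba"

# Print the SHA-1 of a file. Used only to detect that the file changed
# between two points in time, not as a security control.
fingerprint() {
  sha1sum "$1" | cut -d " " -f 1
}

# Exit with a message on stderr (which cron can mail) if a file is unreadable.
require_readable() {
  if [ ! -r "$1" ]; then
    printf '%s\n' "upd_openvpnas: cannot read $1" >&2
    exit 1
  fi
}

require_readable "$LIVE_DIR/fullchain.pem"
SHA=$(fingerprint "$LIVE_DIR/fullchain.pem")

# certbot's own output stays suppressed, but a failed renewal is no longer
# silent: an unnoticed failure here ends with an expired certificate.
# The hooks stop and start openvpnas around the renewal, presumably to free
# the port the standalone listener needs.
if ! certbot renew -n --standalone \
    --pre-hook "systemctl stop openvpnas" \
    --post-hook "systemctl start openvpnas" \
    --agree-tos >/dev/null 2>&1; then
  printf '%s\n' "upd_openvpnas: certbot renew failed" >&2
  exit 1
fi

NEWSHA=$(fingerprint "$LIVE_DIR/fullchain.pem")

# Nothing was renewed: leave the running configuration alone.
if [ "$NEWSHA" = "$SHA" ]; then
  exit 0
fi

# Check every input before writing any value, so a missing file cannot leave
# the configuration half-updated or store an empty value.
for pem in fullchain.pem privkey.pem cert.pem; do
  require_readable "$LIVE_DIR/$pem"
done

"$CONFDBA" -mk cs.ca_bundle -v "$(cat "$LIVE_DIR/fullchain.pem")"

# NOTE(review): -v places the whole private key on confdba's command line,
# where it is visible in the process list for the duration of the call. If
# your Access Server version documents a way to load the value from a file,
# prefer it.
"$CONFDBA" -mk cs.priv_key -v "$(cat "$LIVE_DIR/privkey.pem")" > /dev/null

"$CONFDBA" -mk cs.cert -v "$(cat "$LIVE_DIR/cert.pem")"

# The new values take effect once the service is restarted.
systemctl restart openvpnas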