If you have a problem with an expired OpenSSL certificate on your OpenVPN server, usually the problem looks like this:
Mon Nov 19 05:42:24 2018 VERIFY ERROR: depth=1, error=certificate has expired: C=XX, ST=xx, L=xx, O=Domain, CN=Domain CA, emailAddressfirstname.lastname@example.org Mon Nov 19 05:42:24 2018 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Mon Nov 19 05:42:24 2018 TLS_ERROR: BIO read tls_read_plaintext error Mon Nov 19 05:42:24 2018 TLS Error: TLS object -> incoming plaintext read error Mon Nov 19 05:42:24 2018 TLS Error: TLS handshake failed
you can renew it with the command:
# openssl x509 -in ca.crt -days 3650 -out ca-new.crt -signkey ca.key
And for all VPN Clients, you need to renew “ca.crt” on their computers.
In some situations your may need to renew the server certificate, but before please make a backup of the /etc/openvpn folder.
Renew OpenVPN server certificate:
. vars ./buid-key-server server
And after that restart the OpenVPN server:
# service openvpn restart