TheAshwanik · June 26, 2020 16:56
diff --git a/certbot.service b/certbot.service
 #FilePath: /lib/systemd/system/certbot.service
 
 [Unit]
 Description=Certbot
 Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
 Documentation=https://letsencrypt.readthedocs.io/en/latest/

 [Service]
 Type=oneshot
 ExecStart=/usr/bin/certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh
 PrivateTmp=true
diff --git a/certbot.timer b/certbot.timer
 #FilePath:/lib/systemd/system/certbot.timer

 [Unit]
 Description=Run certbot twice daily

 [Timer]
 OnCalendar=*-*-* 00,12:00:00
 RandomizedDelaySec=43200
 Persistent=true

 [Install]
 WantedBy=timers.target
diff --git a/deploy_hook.sh b/deploy_hook.sh
 #!/bin/sh
 #FilePath: /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh

 openvpnas@openvpnas2:/usr/local/openvpn_as/scripts$ cat /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh
 export DOMAIN=myvpn.domain.com
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
diff --git a/myvpn.domain.com.conf b/myvpn.domain.com.conf
 #FilePath:myvpn.domain.com.conf

 # renew_before_expiry = 30 days
 version = 0.31.0
 archive_dir = /etc/letsencrypt/archive/myvpn.domain.com
 cert = /etc/letsencrypt/live/myvpn.domain.com/cert.pem
 privkey = /etc/letsencrypt/live/myvpn.domain.com/privkey.pem
 chain = /etc/letsencrypt/live/myvpn.domain.com/chain.pem
 fullchain = /etc/letsencrypt/live/myvpn.domain.com/fullchain.pem

 # Options used in the renewal process
 #You will need to configure aws-cli in order to open and close port 80 on the fly. This is needed for acme challenge to succeed on port 80. 
 [renewalparams]
 account = xxxxxxxxxxxxxxxxxxxxxxxxxxx
 pre_hook = sudo service openvpnas stop && sudo service nginx stop &&  export AWS_DEFAULT_REGION=eu-west-1 && aws ec2 authorize-security-group-ingress --group-name "OpenVPN SG - C5" --protocol tcp --port 80 --cidr 0.0.0.0/0
 post_hook = sudo service openvpnas start && sudo service nginx start && export AWS_DEFAULT_REGION=eu-west-1 && aws ec2 revoke-security-group-ingress --group-name "OpenVPN SG - C5" --protocol tcp --port 80 --cidr 0.0.0.0/0
 authenticator = standalone
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/Open VPN with LetsEncrypt certificate b/Open VPN with LetsEncrypt certificate
 https://openvpn.net/vpn-server-resources/managing-settings-for-the-web-services-from-the-command-line/#Installing_a_signed_SSL_certificate
 https://certbot.eff.org/docs/using.html
 https://serverfault.com/questions/215606/how-do-i-view-the-details-of-a-digital-certificate-cer-file
 https://sideras.net/2016/02/24/lets-encrypt-https-certificates-for-openvpn-as-access-server/
 https://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html

 sudo certbot renew --dry-run ( use --verbose if you want )

 sudo service openvpnas start ( or sudo ./sacli start ) 
 sudo service openvpnas stop  ( or sudo ./sacli stop  )

 sudo ./sacli --key "cs.priv_key" ConfigQuery

 sudo /usr/local/openvpn_as/scripts/sqlite3 /usr/local/openvpn_as/etc/db/config.db

 tail -f /var/log/openvpnas.log

 sudo systemctl list-timers
 vi /lib/systemd/system/certbot.service
 vi /lib/systemd/system/certbot.timer


 Some Random commands
 ====================
 sudo netstat -plantu | grep .*LISTEN
 cd /usr/local/openvpn_as/etc/web-ssl/
 ls -l
 ls -l old
 sudo ls -l /etc/letsencrypt/live/myvpn.domain.com/
 sudo service openvpnas stop
 cd ../../scripts/
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/fullchain.pem`"
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/privkey.pem`" > /dev/null
 sudo /usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/cert.pem`"
 sudo service openvpnas restart
 sudo netstat -plantu | grep .*LISTEN
 cd /usr/local/openvpn_as/etc/web-ssl/

 rm server.crt server.key
 sudo rm server.crt server.key

 sudo service openvpnas restart
	#FilePath: /lib/systemd/system/certbot.service

	[Unit]
	Description=Certbot
	Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
	Documentation=https://letsencrypt.readthedocs.io/en/latest/

	[Service]
	Type=oneshot
	ExecStart=/usr/bin/certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh
	PrivateTmp=true
	#FilePath:/lib/systemd/system/certbot.timer

	[Unit]
	Description=Run certbot twice daily

	[Timer]
	OnCalendar=--* 00,12:00:00
	RandomizedDelaySec=43200
	Persistent=true

	[Install]
	WantedBy=timers.target
	#!/bin/sh
	#FilePath: /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh

	openvpnas@openvpnas2:/usr/local/openvpn_as/scripts$ cat /etc/letsencrypt/renewal-hooks/deploy/deploy_hook.sh
	export DOMAIN=myvpn.domain.com
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`sudo cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"
	#FilePath:myvpn.domain.com.conf

	# renew_before_expiry = 30 days
	version = 0.31.0
	archive_dir = /etc/letsencrypt/archive/myvpn.domain.com
	cert = /etc/letsencrypt/live/myvpn.domain.com/cert.pem
	privkey = /etc/letsencrypt/live/myvpn.domain.com/privkey.pem
	chain = /etc/letsencrypt/live/myvpn.domain.com/chain.pem
	fullchain = /etc/letsencrypt/live/myvpn.domain.com/fullchain.pem

	# Options used in the renewal process
	#You will need to configure aws-cli in order to open and close port 80 on the fly. This is needed for acme challenge to succeed on port 80.
	[renewalparams]
	account = xxxxxxxxxxxxxxxxxxxxxxxxxxx
	pre_hook = sudo service openvpnas stop && sudo service nginx stop && export AWS_DEFAULT_REGION=eu-west-1 && aws ec2 authorize-security-group-ingress --group-name "OpenVPN SG - C5" --protocol tcp --port 80 --cidr 0.0.0.0/0
	post_hook = sudo service openvpnas start && sudo service nginx start && export AWS_DEFAULT_REGION=eu-west-1 && aws ec2 revoke-security-group-ingress --group-name "OpenVPN SG - C5" --protocol tcp --port 80 --cidr 0.0.0.0/0
	authenticator = standalone
	server = https://acme-v02.api.letsencrypt.org/directory
	https://openvpn.net/vpn-server-resources/managing-settings-for-the-web-services-from-the-command-line/#Installing_a_signed_SSL_certificate
	https://certbot.eff.org/docs/using.html
	https://serverfault.com/questions/215606/how-do-i-view-the-details-of-a-digital-certificate-cer-file
	https://sideras.net/2016/02/24/lets-encrypt-https-certificates-for-openvpn-as-access-server/
	https://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html

	sudo certbot renew --dry-run ( use --verbose if you want )

	sudo service openvpnas start ( or sudo ./sacli start )
	sudo service openvpnas stop ( or sudo ./sacli stop )

	sudo ./sacli --key "cs.priv_key" ConfigQuery

	sudo /usr/local/openvpn_as/scripts/sqlite3 /usr/local/openvpn_as/etc/db/config.db

	tail -f /var/log/openvpnas.log

	sudo systemctl list-timers
	vi /lib/systemd/system/certbot.service
	vi /lib/systemd/system/certbot.timer


	Some Random commands
	====================
	sudo netstat -plantu \| grep .*LISTEN
	cd /usr/local/openvpn_as/etc/web-ssl/
	ls -l
	ls -l old
	sudo ls -l /etc/letsencrypt/live/myvpn.domain.com/
	sudo service openvpnas stop
	cd ../../scripts/
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/fullchain.pem`"
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/privkey.pem`" > /dev/null
	sudo /usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`sudo cat /etc/letsencrypt/live/myvpn.domain.com/cert.pem`"
	sudo service openvpnas restart
	sudo netstat -plantu \| grep .*LISTEN
	cd /usr/local/openvpn_as/etc/web-ssl/

	rm server.crt server.key
	sudo rm server.crt server.key

	sudo service openvpnas restart