I am trying to attach a Let's Encrypt certificate to my SoftEther VPN server, but didn't find a way to do it. Can we use a CA-signed certificate like Let's Encrypt in a VPN server? If yes, then please provide the process.
The main challenge in using Let's Encrypt certificates with a VPN server is that their validity period is really short, only 3 months. This means there are some prerequisites:
vpncmd in order to understand the steps 1 and 3 in this answer.

Steps:

1. You should add Let's Encrypt as a trusted CA for the VPN clients. You can find the currently active Intermediate Certificates from the Chain of Trust page. The command is CertAdd [path], from 6.5.6 "CertAdd": Add Trusted CA Certificate. This step is probably possible with the GUI, too, but I'm not a GUI guy. :)
2. Install and configure Certbot: instructions based on your web server and system.
3. Create a script / task / cronjob that periodically updates the certificate and the key. Certbot renews all certificates that will expire in a month. Therefore, there's up to a month before the old certificate expires, but in order to minimize the chances of this failing, I'd recommend running this script at least once a week.
The command, from 6.3.20 "ServerCertSet": Set SSL Certificate and Private Key of VPN Server, is:
For example with Debian Linux, the command might be:
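One possible shape for the periodic script in step 3, as an added example that is not part of the original answer: it loads the renewed certificate with ServerCertSet only when the file has changed, and retries on the next run if the load fails. The domain, the state file path, the variable names and the choice of cert.pem over fullchain.pem are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Paths, the domain and the
# variable names below are assumptions; adjust them to your installation.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/vpn.example.com}"  # placeholder domain
STATE_FILE="${STATE_FILE:-/var/lib/softether-cert.sha256}"     # hypothetical state file
VPNCMD="${VPNCMD:-vpncmd}"
VPN_HOST="${VPN_HOST:-localhost:5555}"

# SHA-256 of the certificate file, used to detect a renewal.
cert_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# True when the live certificate differs from the one last loaded.
needs_update() {
    [ ! -f "$STATE_FILE" ] ||
        [ "$(cert_fingerprint "$LIVE_DIR/cert.pem")" != "$(cat "$STATE_FILE")" ]
}

# Load certificate and key with ServerCertSet. The fingerprint is recorded
# only if vpncmd succeeds (assumed to exit non-zero on error), so a failed
# load is retried on the next run. /PASSWORD: is visible in the process
# list while vpncmd runs, so run this only on the VPN host itself.
install_cert() {
    "$VPNCMD" "$VPN_HOST" /SERVER /PASSWORD:"$VPN_ADMIN_PASSWORD" \
        /CMD ServerCertSet \
        /LOADCERT:"$LIVE_DIR/cert.pem" /LOADKEY:"$LIVE_DIR/privkey.pem" >&2 || return 1
    cert_fingerprint "$LIVE_DIR/cert.pem" > "$STATE_FILE"
}

# Prints "updated" or "unchanged"; returns non-zero if the load failed.
sync_cert() {
    if needs_update; then
        install_cert && echo updated
    else
        echo unchanged
    fi
}

# Run from cron as: script.sh --run
if [ "${1:-}" = "--run" ]; then
    certbot renew --quiet && sync_cert
fi
```

Keep the script and any file holding the administrator password readable by root only, since privkey.pem and the password both pass through it.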