Renewing certificates on OpenVPN


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

sudo service openvpnas stop

sudo service nginx stop

sudo ln -s -f /etc/letsencrypt/live/ /usr/local/openvpn_as/etc/web-ssl/server.crt

sudo ln -s -f /etc/letsencrypt/live/ /usr/local/openvpn_as/etc/web-ssl/server.key

sudo ln -s -f /etc/letsencrypt/live/ /usr/local/openvpn_as/etc/web-ssl/chain.crt

sudo ln -s -f /etc/letsencrypt/live/ /usr/local/openvpn_as/etc/web-ssl/fullchain.crt

sudo service nginx start

sudo service openvpnas start

It produced this output: None

My web server is (include version): Access Server 2.1.4b

The operating system my web server runs on is (include version): Ubuntu 16.04.1 LTS

My hosting provider, if applicable, is: AWS

I can log in to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


My problem is that I requested new certificates, but my web server is still using the old ones, which are now expired.


Hi @jorgeramos78,

Could you take a look in the web server configuration? What files is it pointing at for the certificate and key according to that configuration?


I wasn’t the one who configured this server, so I am not sure how to access the web server configuration


Maybe grep -r ssl_certificate /etc/nginx to find where it’s specified.


Is this what you mean?

openvpnas@openvpnas2:~$ grep -r ssl_certificate /etc/nginx
/etc/nginx/snippets/snakeoil.conf:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
/etc/nginx/snippets/snakeoil.conf:ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;


To be clear, I had been using Let’s Encrypt certificates without any issues before they expired a few days ago.


Yes, but it doesn’t seem to show the reference to your Let’s Encrypt certificates anywhere. Maybe you could also try something like

grep -r /etc/letsencrypt /etc/nginx

Do you know how your nginx server was configured to use your previous Let’s Encrypt certificate?


I ran that grep command, but it didn’t return anything.

I first installed Certbot, per

I think that the configuration file for my site is located at /etc/letsencrypt/renewal/; the contents of that file are below:

renew_before_expiry = 30 days

version = 0.21.1
archive_dir = /etc/letsencrypt/archive/
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

Options used in the renewal process

account = 81b9cef32c2e17ff8290b642c28a3263
installer = None
authenticator = standalone


I also found the /etc/letsencrypt/options-ssl-nginx.conf file, whose content is below:

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;



I got it to work with the new certificates, although I am not entirely sure how. I ran the sudo certbot --nginx command and ended up restoring my server from a backup after the OpenVPN site failed to load.

I hope this goes a little more smoothly the next time I need to renew my certs.

Thanks for your help.
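Added example, not part of the thread: a shell check for the situation discussed above, where renewal succeeded but the server kept presenting the expired certificate. It resolves each of the four web-ssl links to confirm it ends at a regular file, and compares the certificate a listener presents with the one on disk; the function names and the constructed layout in `demo` are assumptions of this example.

```shell
# Added example, not from the thread. Directory, host and port are arguments.

# check_link PATH: print where PATH resolves.
# Returns 0 = regular file, 1 = missing or dangling, 2 = not a regular file.
check_link() {
    local path="$1" target
    target=$(readlink -f -- "$path" 2>/dev/null) || target=""
    if [ -z "$target" ] || [ ! -e "$target" ]; then
        echo "$path: missing or dangling"; return 1
    fi
    if [ ! -f "$target" ]; then
        echo "$path -> $target (not a regular file)"; return 2
    fi
    echo "$path -> $target"
}

# audit_links DIR: check the four names the thread links into web-ssl.
# Returns the number of names that failed check_link.
audit_links() {
    local dir="$1" bad=0 name
    for name in server.crt server.key chain.crt fullchain.crt; do
        check_link "$dir/$name" || bad=$((bad + 1))
    done
    return "$bad"
}

# cert_is_current FILE: 0 if the PEM certificate in FILE has not expired.
cert_is_current() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# serves_file HOST PORT FILE: 0 if the listener presents the certificate
# stored in FILE (SHA-256 fingerprints match), 1 if not, 2 on error.
serves_file() {
    local served on_disk
    served=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    on_disk=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ "$served" = "$on_disk" ]
}

# demo: constructed layout (one good link, one to a directory, one dangling, one missing).
demo() {
    local d rc=0; d=$(mktemp -d)
    mkdir "$d/live" "$d/web-ssl"; echo pem > "$d/live/cert.pem"
    ln -s -f "$d/live/cert.pem" "$d/web-ssl/server.crt"
    ln -s -f "$d/live"          "$d/web-ssl/server.key"
    ln -s -f "$d/live/gone.pem" "$d/web-ssl/chain.crt"
    audit_links "$d/web-ssl" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

When `audit_links` reports no problems and `cert_is_current` passes on the linked file, a non-zero result from `serves_file` means the running service has not picked up the file on disk.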


