I’d like to know how/if I can use keys generated by Let’s Encrypt to set up a VPN such as OpenVPN or Hamachi. Extensive documentation exists, for example, on how to set up OpenVPN by creating keypairs using its built-in easy-rsa utility. But can I forgo this step in favour of using the .pem files generated by Let’s Encrypt? If so, how does this affect the Diffie-Hellman parameter generation step of the setup? Thanks!
Is this a VPN for yourself? Then why would you need a third party at all? Using your own CA is always preferable. The need for third parties only arises when you need to prove to other people that you are really you.
And even if this was a VPN that other people use, I would still provide the necessary certs on an HTTPS site and not use a public CA for the VPN itself.
Also, if you want the users to connect using a cert/key (you will see this approach in almost all the tutorials that you could get), you will need a CA to sign the CSRs for the users. That is something that you can’t get with Let’s Encrypt, so go ahead and use your own self-signed CA to generate your VPN server certificate and the certificates used by your VPN users.
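The setup recommended in the replies above (one private CA that signs both the server certificate and each user's CSR), written with the openssl CLI as an added example that is not from any poster in this thread. The file names, subject names, lifetimes and helper functions are assumptions; the separate extendedKeyUsage values are what let a check such as OpenVPN's `remote-cert-tls server` refuse a user certificate presented as the server.

```shell
# Private PKI for one VPN server and one user (all names are constructed).
# issue_cert ROLE CN: make ROLE.key and ROLE.csr, then sign the CSR with the CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 825 -extfile pki.cnf -extensions "$1" -out "$1.crt" 2>/dev/null
}

# build_vpn_pki DIR: create the CA, a server cert and a client cert inside DIR.
build_vpn_pki() (
    umask 077                      # private keys are written unencrypted
    mkdir -p "$1" && cd "$1" || return 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused-overridden-by-subj
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    # Self-signed root: only this key can issue certificates the VPN trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config pki.cnf \
        -extensions ca -subj "/CN=Example VPN CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || return 1
    issue_cert server "vpn.example.test" && issue_cert client "laptop-1"
)

# cert_ok DIR PURPOSE CERT: does CERT chain to DIR/ca.crt and allow PURPOSE
# (sslserver or sslclient)?
cert_ok() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3" >/dev/null 2>&1
}
```

Typical use: `build_vpn_pki ./vpn-pki && cert_ok ./vpn-pki sslserver server.crt`. Only `ca.crt` needs to be distributed to users; `ca.key` stays offline.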
Thanks for these two responses. Yes, this is a VPN for myself. Because I have only a passing interest in encryption, what I was hoping to achieve was to keep the certificates I have to manage and the different certificate tools I have to use to a minimum. I also wanted to avoid any authenticity warnings or having to add security exceptions. But if Let’s Encrypt truly adds little to no advantage over self-signed CAs, then I’ll just go with that. Thanks again!
Let’s Encrypt will surely add enough advantage over CAs. I advise you to go for it to set up a fast VPN for yourself.