Good evening all, I have been using a Let's Encrypt certificate for years, issued to my subdomain "subdomain.domain_name.net". It happened that the script that renewed the cert had issues getting out due to some changes in the router, which caused the cert to expire. I tried to renew it but it was not possible. I removed the cert and tried to create a new one, only to get a message "Failed to contact Let's encrypt server. Please make sure domain name is valid".
What I did is I generated a new CSR in Synology for the same subdomain and bought a PositiveSSL cert from my registrar for 2 years, and after activating it, they sent the ca.crt and ca_bundle.crt files for it. I imported the certificate based on the instructions under Security --> Certificate --> Add and gave
1. server.key
2. ca.crt
3. ca_bundle.crt
So far so good, the certificate imported fine and shows its expiration date in 2022. After that I configured the services to use this cert and made it the default. The webserver restarted and all looks good; I see the green padlock when browsing and connecting to the DSM management interface, Fileserver and other services. My only issue is OpenVPN. This is broken.
I did export a new config file and imported that into the OpenVPN GUI that I have installed on my Windows 10 desktop, but the connection is not going through.
I get this error:
2021-03-02 22:00:43 VERIFY ERROR: depth=2, error=unable to get issuer certificate:
2021-03-02 22:00:43 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-03-02 22:00:43 TLS_ERROR: BIO read tls_read_plaintext error
2021-03-02 22:00:43 TLS Error: TLS object -> incoming plaintext read error
2021-03-02 22:00:43 TLS Error: TLS handshake failed
2021-03-02 22:00:43 SIGUSR1[soft,tls-error] received, process restarting
I'm not sure why only OpenVPN is having issues.
Here is some more info.
DSM version is 6.2.3-25426 update 3
OpenVPN is v2.5.1
Has anyone hit this issue? Is there any solution for this? I read some other links where they want you to concatenate and merge CA files, but they were all at least 8 years old and things have changed. I tried some of them but I get the same error.
Any help is appreciated,
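
The `VERIFY ERROR` in the log above is OpenSSL reporting that it could not find the issuer of the certificate at depth 2 (depth 0 is the server certificate). As an added example that is not part of the original post, this Python script lists which certificates in a PEM CA file name an issuer that is absent from that file; the function names and the file argument are the example's own, and it compares names only.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) of one certificate as raw DER Name bytes."""
    _, pos, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(der, pos)    # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                   # optional [0] version field
        pos = end
    fields = []                       # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        _, _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def missing_issuers(pem_text):
    """Indexes (file order, from 0) of certificates whose issuer name matches
    no subject in pem_text.

    Name chaining only: signatures, validity and extensions are not checked.
    A self-issued root names itself, so it is never reported.
    """
    pairs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    subjects = {subject for _, subject in pairs}
    return [i for i, (issuer, _) in enumerate(pairs) if issuer not in subjects]

if __name__ == "__main__":
    # Usage (script name is a placeholder): python check_ca.py <client CA file>
    with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
        gaps = missing_issuers(fh.read())
    print("every issuer name is present in the file" if not gaps
          else f"no issuer in file for certificate(s) at index {gaps}")
    sys.exit(1 if gaps else 0)
```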