<![CDATA[OpenVPN - TLS verify error]]>VPN has been working 2 weeks ago.

Today connecting fails with a verify error:
VERIFY ERROR: depth=0, error=CRL has expired: CN=MBP
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
...

The device config was created on Aug 16, 2022.

Does the CRL not update automatically?

Is there a default expiry? I don't see one set in the config file.

Ex:
EASYRSA_CRL_DAYS=3650 (10 yrs)

Looking at the keys dir in File Manager, it's dated Aug of last year. So is that a 1 year expiry and no update?

]]>https://forum.cloudron.io/topic/8117/openvpn-tls-verify-errorRSS for NodeMon, 11 May 2026 08:11:37 GMTWed, 30 Nov 2022 00:20:17 GMT60<![CDATA[Reply to OpenVPN - TLS verify error on Wed, 30 Nov 2022 13:57:23 GMT]]>@nebulon Update: after restarting the OpenVPN App, it connects and verifies TLS just fine.

Shrug, restart fixed it.

]]>https://forum.cloudron.io/post/57419https://forum.cloudron.io/post/57419Wed, 30 Nov 2022 13:57:23 GMT<![CDATA[Reply to OpenVPN - TLS verify error on Wed, 30 Nov 2022 13:49:02 GMT]]>@nebulon I didn't find it in the .ovpn but in the cert.crt file:

    Validity
        Not Before: Aug 16 10:04:48 2022 GMT
        Not After : Aug 13 10:04:48 2032 GMT

So it is configured right, and handing out proper VPN configs, yet the server doesn't like something.

]]>https://forum.cloudron.io/post/57418https://forum.cloudron.io/post/57418Wed, 30 Nov 2022 13:49:02 GMT<![CDATA[Reply to OpenVPN - TLS verify error on Wed, 30 Nov 2022 13:25:03 GMT]]>The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15

Can you download the .opvn file and double check the expiration there?

]]>https://forum.cloudron.io/post/57414https://forum.cloudron.io/post/57414Wed, 30 Nov 2022 13:25:03 GMT