Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. VPN
  3. OpenVPN - TLS verify error

OpenVPN - TLS verify error

Scheduled Pinned Locked Moved Solved VPN
4 Posts 2 Posters 2.4k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • robiR Offline
      robiR Offline
      robi
      wrote on last edited by
      #1

      VPN has been working 2 weeks ago.

      Today connecting fails with a verify error:
      VERIFY ERROR: depth=0, error=CRL has expired: CN=MBP
      OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
      ...

      The device config was created on Aug 16, 2022.

      Does the CRL not update automatically?

      Is there a default expiry? I don't see one set in the config file.

      Ex:
      EASYRSA_CRL_DAYS=3650 (10 yrs)

      Looking at the keys dir in File Manager, it's dated Aug of last year. So is that a 1 year expiry and no update?

      Conscious tech

      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15

        Can you download the .opvn file and double check the expiration there?

        robiR 2 Replies Last reply
        0
        • nebulonN nebulon

          The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15

          Can you download the .opvn file and double check the expiration there?

          robiR Offline
          robiR Offline
          robi
          wrote on last edited by
          #3

          @nebulon I didn't find it in the .ovpn but in the cert.crt file:

              Validity
                  Not Before: Aug 16 10:04:48 2022 GMT
                  Not After : Aug 13 10:04:48 2032 GMT
          

          So it is configured right, and handing out proper VPN configs, yet the server doesn't like something.

          Conscious tech

          1 Reply Last reply
          0
          • nebulonN nebulon

            The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15

            Can you download the .opvn file and double check the expiration there?

            robiR Offline
            robiR Offline
            robi
            wrote on last edited by
            #4

            @nebulon Update: after restarting the OpenVPN App, it connects and verifies TLS just fine.

            Shrug, restart fixed it.

            Conscious tech

            1 Reply Last reply
            0
            • robiR robi marked this topic as a question on
            • robiR robi has marked this topic as solved on
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes


              • Login

              • Don't have an account? Register

              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search