Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. OpenVPN
  3. OpenVPN - TLS verify error

OpenVPN - TLS verify error

Scheduled Pinned Locked Moved Solved OpenVPN
4 Posts 2 Posters 1.9k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • robiR Offline
    robiR Offline
    robi
    wrote on last edited by
    #1

    VPN has been working 2 weeks ago.

    Today connecting fails with a verify error:
    VERIFY ERROR: depth=0, error=CRL has expired: CN=MBP
    OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
    ...

    The device config was created on Aug 16, 2022.

    Does the CRL not update automatically?

    Is there a default expiry? I don't see one set in the config file.

    Ex:
    EASYRSA_CRL_DAYS=3650 (10 yrs)

    Looking at the keys dir in File Manager, it's dated Aug of last year. So is that a 1 year expiry and no update?

    Conscious tech

    1 Reply Last reply
    0
    • nebulonN Away
      nebulonN Away
      nebulon Staff
      wrote on last edited by
      #2

      The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15

      Can you download the .opvn file and double check the expiration there?

      robiR 2 Replies Last reply
      0
      • robiR Offline
        robiR Offline
        robi
        replied to nebulon on last edited by
        #3

        @nebulon I didn't find it in the .ovpn but in the cert.crt file:

            Validity
        Not Before: Aug 16 10:04:48 2022 GMT
        Not After : Aug 13 10:04:48 2032 GMT

        So it is configured right, and handing out proper VPN configs, yet the server doesn't like something.

        Conscious tech

        1 Reply Last reply
        0
        • robiR Offline
          robiR Offline
          robi
          replied to nebulon on last edited by
          #4

          @nebulon Update: after restarting the OpenVPN App, it connects and verifies TLS just fine.

          Shrug, restart fixed it.

          Conscious tech

          1 Reply Last reply
          0
          • robiR robi marked this topic as a question on
          • robiR robi has marked this topic as solved on

          • Login
          • Don't have an account? Register
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search