Let's Encrypt Certificate Installation (LEGACY)
This guide goes over how to set up Let's Encrypt certificates for SoftEtherVPN. Please refer to that. This article will stay for reference purposes.
Let's Encrypt is a free SSL certificate provider. Let's Encrypt certificates are designed for web-browser HTTPS, but they can be used for any SSL or TLS application such as email or VPN. The main benefit of Let's Encrypt SSL certificates is that they are valid for SSTP on Windows 7, 8, 8.1, and 10 without any additional configuration, so you can log into your VPN server using SSTP without having to install a self-signed certificate. The only downside is that you need to renew your SSL certificate every 3 months.
- We are assuming you are running the Apache web server. If not, please install the Certbot package for your web server.
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo apt-get update
sudo apt-get install apache2 certbot python3-certbot-apache
yum install epel-release
yum install httpd certbot python2-certbot-apache
For openSUSE 42.2 and earlier, the packages are not shipped in the official repos. You need to add the devel:languages:python repo.
sudo zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_13.2/devel:languages:python.repo
For Leap 42.2 choose this:
sudo zypper addrepo http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Leap_42.2/devel:languages:python.repo
After the repo is added, run these commands.
sudo zypper install certbot python-certbot python-certbot-apache
sudo zypper install python-cryptography-1.8.1
sudo nano /etc/apache2/sites-available/vpn.conf
Hello
World
vpncmd
Log in as usual
Enter this command. Be sure to replace yourdomain.tld with your domain.
ServerCertSet /LOADCERT:/etc/letsencrypt/live/vpn.yourdomain.tld/fullchain.pem /LOADKEY:/etc/letsencrypt/live/vpn.yourdomain.tld/privkey.pem
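Because the certificate has to be renewed every 3 months, the ServerCertSet step above has to be repeated after each renewal. The following certbot deploy hook is an added example, not part of the original guide or of SoftEther: it assumes vpncmd is on PATH, that the server's management port is localhost:5555, and that the admin password is stored in a root-only file; the file path and the DRY_RUN variable are hypothetical names.

```shell
#!/bin/sh
# Added example: certbot deploy hook that re-loads a renewed certificate
# into SoftEther with the same ServerCertSet command used above.
# Assumptions (not from the guide): management port and password file path.
VPN_HOST="${VPN_HOST:-localhost:5555}"
VPN_PASS_FILE="${VPN_PASS_FILE:-/root/.softether-admin-pass}"

# Print the ServerCertSet command for a certbot lineage directory, or fail
# if the directory does not hold a non-empty certificate and key.
cert_args() {
    lineage="$1"
    cert="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"
    # The command line is space-separated; refuse such paths rather than quote them.
    case "$lineage" in *" "*) echo "path contains a space" >&2; return 1;; esac
    [ -s "$cert" ] || { echo "missing or empty: $cert" >&2; return 1; }
    [ -s "$key" ]  || { echo "missing or empty: $key" >&2; return 1; }
    printf 'ServerCertSet /LOADCERT:%s /LOADKEY:%s\n' "$cert" "$key"
}

# Load the certificate, or only print the command when DRY_RUN is set.
deploy() {
    args=$(cert_args "$1") || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        echo "vpncmd $VPN_HOST /SERVER /PASSWORD:*** /CMD $args"
        return 0
    fi
    [ -r "$VPN_PASS_FILE" ] || { echo "cannot read $VPN_PASS_FILE" >&2; return 1; }
    # /PASSWORD on the command line is visible in the process list to local
    # users while vpncmd runs; run this only on a host you administer alone.
    # $args is left unquoted so it splits into separate vpncmd words.
    vpncmd "$VPN_HOST" /SERVER /PASSWORD:"$(cat "$VPN_PASS_FILE")" /CMD $args
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/vpn.yourdomain.tld)
# when it runs deploy hooks; do nothing when the script is merely sourced.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy "$RENEWED_LINEAGE"
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, the script runs after each successful renewal; set DRY_RUN=1 and RENEWED_LINEAGE by hand to see the command without touching the server.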
No additional settings need to be configured.
On most Linux distributions, you may need to specify the certificate directory when using SSTP. Since Let's Encrypt uses the DST Root, you need to specify the location of the root certificate, which is usually located at /etc/ssl/certs/DST_Root_CA_X3.pem
(Ubuntu)