
Let's Encrypt Certificate Installation (LEGACY)

Andrew edited this page Dec 26, 2021 · 1 revision

This guide goes over how to set up Let's Encrypt certificates for SoftEtherVPN. Please refer to that. This article will stay for reference purposes.

Let's Encrypt is a free SSL certificate provider. Let's Encrypt certificates are designed for web-browser HTTPS, but they can be used for any SSL or TLS application such as email or VPN. The main benefit of Let's Encrypt SSL certificates is that they are valid for SSTP on Windows 7, 8, 8.1, and 10 without any additional configuration, so you can log into your VPN server using SSTP without having to install a self-signed certificate. The only downside is that you need to renew your SSL certificate every 3 months.

Let's Encrypt Installation, Configuration, and Certificate Generation

Installation

  • We are assuming you are running the Apache web server. If not, please install the Certbot package for your web server.

Ubuntu

sudo apt-get install software-properties-common

sudo add-apt-repository universe

sudo apt-get update

sudo apt-get install apache2 certbot python3-certbot-apache

CentOS

yum install epel-release

yum install httpd certbot python2-certbot-apache

openSUSE

For openSUSE 42.2 and earlier, the packages are not shipped in the official repos. You need to add the devel:languages:python repo.

sudo zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_13.2/devel:languages:python.repo

For Leap 42.2 choose this:

sudo zypper addrepo http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Leap_42.2/devel:languages:python.repo

After the repo is added, run these commands.

sudo zypper install certbot python-certbot python-certbot-apache

sudo zypper install python-cryptography-1.8.1

Configuration

Apache

sudo nano /etc/apache2/sites-available/vpn.conf

Hello
World

Generation

VPN Server Configuration

Run vpncmd and log in as usual.

Enter this command. Be sure to replace yourdomain.tld with your domain.

ServerCertSet /LOADCERT:/etc/letsencrypt/live/vpn.yourdomain.tld/fullchain.pem /LOADKEY:/etc/letsencrypt/live/vpn.yourdomain.tld/privkey.pem
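A pre-flight check for the ServerCertSet step above, as an added example that is not part of the original guide or of SoftEther: it confirms that fullchain.pem and privkey.pem belong together and that the certificate has a minimum number of days left, then prints the command to enter in vpncmd. The function names and the LE_LIVE_DIR override are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: checks to run before ServerCertSet. Requires the openssl CLI.
# Function names and the LE_LIVE_DIR override are hypothetical, not from the guide.

# True when the leaf certificate in $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print the vpncmd command from the guide for domain $1.
servercertset_cmd() {
    live="${LE_LIVE_DIR:-/etc/letsencrypt/live}/$1"
    printf 'ServerCertSet /LOADCERT:%s/fullchain.pem /LOADKEY:%s/privkey.pem\n' "$live" "$live"
}

# Run both checks for domain $1 (minimum remaining days $2, default 30),
# and print the command only if they pass.
preflight() {
    days="${2:-30}"
    live="${LE_LIVE_DIR:-/etc/letsencrypt/live}/$1"
    if ! cert_matches_key "$live/fullchain.pem" "$live/privkey.pem"; then
        echo "fullchain.pem and privkey.pem do not match or cannot be read" >&2
        return 1
    fi
    if ! cert_valid_for "$live/fullchain.pem" "$days"; then
        echo "certificate expires within $days days; renew it before loading" >&2
        return 1
    fi
    servercertset_cmd "$1"
}

# Example: preflight vpn.yourdomain.tld 30
```

Run it as root, since /etc/letsencrypt/live is normally readable only by root.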

Renewing Your Certificate

Third Party Client Configuration

Android (VPN Client Pro)

No additional settings need to be configured

GNU/Linux

On most Linux distributions, you may need to specify the certificate directory when using SSTP. Since Let's Encrypt uses the DST Root, you need to specify the location of the root certificate, which is usually /etc/ssl/certs/DST_Root_CA_X3.pem (Ubuntu).