OpenVPN Expired CRL – VPN Won’t Connect

Recently, I ran into an issue where OpenVPN was no longer working for existing clients.  After looking at the OpenVPN log in /var/log/openvpn.log, I found the following:

VERIFY ERROR: depth=0, error=CRL has expired:

If you see an OpenVPN error about an expired certificate revocation list (CRL), here's how to generate a new CRL:

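cd /etc/openvpn/easy-rsa
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl                      # regenerate the CRL, valid for 3650 days
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem    # copy it over the expired CRL
chown nobody:nogroup /etc/openvpn/crl.pem                    # give ownership to nobody:nogroup
service openvpn restart                                      # restart OpenVPN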

Problem solved!
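
The error above only shows up once the CRL's nextUpdate time has passed, so a scheduled check can flag the file before clients are locked out. This is an added example, not part of the original post; it assumes GNU date and the openssl CLI, and the function names are hypothetical.

```sh
# Added example, not from the original post. Assumes GNU date and the
# openssl CLI; function names are hypothetical.

# Seconds from $2 (epoch) until the time in an openssl "nextUpdate=..." line.
crl_seconds_left() {
    next_update=${1#nextUpdate=}
    expiry=$(date -u -d "$next_update" +%s) || return 2
    echo $(( expiry - $2 ))
}

# Map seconds remaining ($1) and a warning window in days ($2) to a status.
crl_status() {
    if [ "$1" -le 0 ]; then echo EXPIRED
    elif [ "$1" -lt $(( $2 * 86400 )) ]; then echo WARN
    else echo OK
    fi
}

# Check a CRL file; exit status 0 = OK, 1 = WARN, 2 = EXPIRED or unreadable.
check_crl() {
    crl=$1
    warn_days=${2:-30}
    line=$(openssl crl -in "$crl" -noout -nextupdate 2>/dev/null) || {
        echo "UNREADABLE $crl"; return 2; }
    secs=$(crl_seconds_left "$line" "$(date +%s)") || return 2
    status=$(crl_status "$secs" "$warn_days")
    echo "$status $crl ${line#nextUpdate=}"
    case $status in OK) return 0 ;; WARN) return 1 ;; *) return 2 ;; esac
}

# Typical use from cron, with the path used in the post:
#   check_crl /etc/openvpn/crl.pem 30 || logger -t openvpn-crl "CRL needs regenerating"
```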
