OpenVPN Expired CRL – VPN Won’t Connect
OpenVPN Expired CRL – VPN Won't Connect
Recently, I ran into an issue where OpenVPN was no longer working for existing clients. After looking at the OpenVPN log in /var/log/openvpn.log, I found the following:
VERIFY ERROR: depth=0, error=CRL has expired:
If you see an OpenVPN error about an expired certificate revocation list (CRL), here's how to generate a new CRL:
cd /etc/openvpn/easy-rsa EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem chown nobody:nogroup /etc/openvpn/crl.pem service openvpn restart
Problem solved!
Rent dedicated game servers from Chicago, Kansas City, Dallas Texas, Wilkes-Barre Pennsylvania, Arizona, Denver Colorado, California, Florida, and Sofia Bulgaria starting as low as $7.45 a month. We Be HostiN (https://webehostin.com)
Tags: client, clients, connection, connections, crl, easyrsa, existing, expired, gen-crl, openvpn, vpn