OpenVPN Expired CRL – VPN Won’t Connect
Wednesday, December 7th, 2022
Recently, I ran into an issue where OpenVPN was no longer working for existing clients. After looking at the OpenVPN log in /var/log/openvpn.log, I found the following:
VERIFY ERROR: depth=0, error=CRL has expired:
If you see an OpenVPN error about an expired certificate revocation list (CRL), here's how to generate a new CRL:
    cd /etc/openvpn/easy-rsa
    EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
    cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
    chown nobody:nogroup /etc/openvpn/crl.pem
    service openvpn restart
Problem solved!
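To catch an expiring CRL before clients are locked out, its nextUpdate time can be checked on a schedule (cron or a monitoring agent). The script below is an added example, not part of the original post; it assumes GNU date and the openssl CLI, and the function names and the 30-day WARN_DAYS threshold are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the original post): report how close a CRL is to expiry.
# Assumes GNU date (for `date -d`) and the openssl command-line tool.
WARN_DAYS="${WARN_DAYS:-30}"   # assumed warning threshold, in days

# Print the seconds remaining until the CRL's nextUpdate time.
#   $1 = a line as printed by `openssl crl -noout -nextupdate`,
#        e.g. "nextUpdate=Dec  7 10:00:00 2032 GMT"
#   $2 = current time in epoch seconds (optional, defaults to now)
crl_seconds_left() {
    case "$1" in
        nextUpdate=*) next=${1#nextUpdate=} ;;
        *) return 2 ;;                      # not an openssl nextUpdate line
    esac
    now=${2:-$(date +%s)}
    exp=$(date -u -d "$next" +%s 2>/dev/null) || return 2
    echo $(( exp - now ))
}

# Print OK, WARN, EXPIRED or UNKNOWN; exit status is 0, 1, 2 or 3 respectively.
crl_status() {
    left=$(crl_seconds_left "$1" "${2:-}") || { echo UNKNOWN; return 3; }
    if [ "$left" -le 0 ]; then
        echo EXPIRED; return 2
    elif [ "$left" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo WARN; return 1
    fi
    echo OK
}

# Read nextUpdate from a CRL file on disk and classify it.
check_crl_file() {
    line=$(openssl crl -in "$1" -noout -nextupdate 2>/dev/null) \
        || { echo UNKNOWN; return 3; }
    crl_status "$line"
}

# Runs only when a CRL path is given, e.g.: sh crl-check.sh /etc/openvpn/crl.pem
if [ -n "${1:-}" ]; then
    check_crl_file "$1"
fi
```

The exit status follows the usual monitoring-plugin convention, so the script can be wired directly into a check that alerts on WARN and EXPIRED.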