This morning when I logged on FreePBX I had the usual warning message regarding Lets Encrypt renewing certificate. This has worked flawlessly in the past without me having to do anything such as restarting services, etc.
This morning all of my Sangoma S500 connected via VPN had dropped and failed to reconnect. I check /var/log/messages and could see a stream of errors similar to the following:
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
To fix this I tried the following:
- Rebooted the server - Didn’t fix the issue.
- Issued the “fwconsole -r” command - Didn’t fix the issue.
- Did some Google and came across the following page - https://forums.openvpn.net/viewtopic.php?t=23166 I changed “default_days” and “default_crl_days” but the command to regen the files didn’t work. - Didn’t fix the issue
The fix for me was:
Via the web frontend I went into the VPN Server under Admin and I disabled the VPN server. I then re-enabled the VPN server and almost instantly the phones started to connect back in via VPN.
Questions:
- Has anyone else experienced this?
- Am I correct in thinking this was due to the Lets Encrypt Auto renewal or was it just bad timing?
- Is it possible to stop and start the VPN server via CLI incase this problem happens again?
Thanks