When the built in OpenVPN cert expires and you have “auto renew” set to “yes” the OpenVPN server will automatically restart to generate a new certificate.
I assume any phones attached and using the OpenVPN connection will need to have their profiles rebuilt in EPM and then be updated? Or must they completely re-provision?
Whitelist the IP addresses in the Firewall or enable Responsive Firewall, Take each of the phones off VPN in EPM > Extension Mapping, make sure you still have control of the phones, Rebuild the VPN certificates in SysAdmin, then put the phones back on to VPN in EPM > Extension Mapping.
Edit: The IP addresses I am referring to is the Public IP for the internet connections, not the VPN IPs.