Differences

This shows you the differences between two versions of the page.

--- en:vpn:renew-cert [2020/12/05 18:07] – hgo
+++ en:vpn:renew-cert [2024/06/19 08:33] (current) – [1. Neutrinet app] hgo
@@ Line 15: / Line 15: @@
 There are four methods to renew the certificate.
 ## 1. Neutrinet app
-The [[en:cube:apps-neutrinet|Neutrinet app]] takes care of checking every night whether certificates must be renewed.
+The [[https://apps.yunohost.org/app/neutrinet|Neutrinet app]] takes care of checking every night whether certificates must be renewed.
 ### Install
@@ Line 31: / Line 30: @@
 To upgrade this app:
 ```sh
-yunohost tools update --apps
+yunohost tools update apps
-yunohost tools upgrade --apps neutrinet
+yunohost app upgrade neutrinet
 ```
@@ Line 39: / Line 38: @@
 If the Neutrinet app is already installed, you can force the certificates verification:
 ```sh
-cd /opt/neutrinet/renew_cert
+/opt/neutrinet/renew_cert/renew_cert.sh
-./renew_cert_cron.sh -v
 ```
@@ Line 79: / Line 77: @@
 Normaly, a subfolder named `certs_YYYY-MM-DD_HH:MM:SS` (replace the uppercase letters with the script execution date and time ) should be created, which contains all the configuration files needed for the OpenVPN client.
-The files that we need are `client.crt` and `client.key`, i.e. the public and private key of the certificate.
+The files that we need are `client.crt`, `client.key`, and `ca.crt`, i.e. the public and private key of the client certificate, and the public key of the server certificate.
 These files must replace the files in `/etc/openvpn` (this may change depending of the OS).
@@ Line 88: / Line 86: @@
 sudo mv /etc/openvpn/keys/user.crt{,.backup}
 sudo mv /etc/openvpn/keys/user.key{,.backup}
+sudo mv /etc/openvpn/keys/ca-server.crt{,.backup}
 sudo mv client.crt /etc/openvpn/keys/user.crt
 sudo mv client.key /etc/openvpn/keys/user.key
+sudo mv ca.crt /etc/openvpn/keys/ca-server.crt
 ```
@@ Line 96: / Line 96: @@
 **Remark**: Ideally, make sure to be connected on the same local network as your cube, i.e. through its local address (192.168.1.x in most cases).
 ```sh
-sudo systemctl restart openvpn`
+sudo systemctl restart ynh-vpnclient`
 ```
-To check that you are connected to the VPN, you can run the following command:
+You can check that everything went well by looking at the logs:
-```sh
+```
-ip addr
+tail /var/log/openvpn-client.log /var/log/ynh-vpnclient.log
 ```
-Normaly, the `tun0` interface should appear in the list.
 ## 4. From user.neutrinet.be
@@ Line 117: / Line 115: @@
 Create a certificate signing request (CSR) for this key:
 ```sh
-openssl req -new -newkey rsa:4096 -nodes -keyout user.key
+openssl req -out client.csr -new -newkey rsa:4096 -nodes -keyout user.key
 ```
@@ Line 123: / Line 121: @@
 Most important is the `Cname`, that is the name which will be used by Neutrinet to know to whom belongs the certificate.
-**Remark**: It is recommanded to provide your email address for the Cname field.
+**Remark**: It is recommended to provide your email address for the Cname field.
 This command create a file named `client.csr`, which contains the certificate signing request. You can display its content with: