I’m facing the exact same issue as this post, but with OpenConnect.
I use a Let’s Encrypt certificate, with Let’s Encrypt E5 as the intermediate CA and ISRG ROOT X2 as the root CA.
As I can specify only one certificate or ca-certificate, VyOS can’t send a certification chain to my VPN client. This results in a warning message because my certificate cannot be validated, as E5 is not a root certificate.
In other words I’d like to send the fullchain.pem file as certificate.
Or is there an other way to make it work? I use OpenConnect client VPN for Windows which seems to don’t support AIA.
Thanks
Emile