I am trying to set up openconnect VPN with a Let’s Encrypt certificate.
I have created the certificate with the hostname FQDN as subject name.
I have two problems (related).
The first is that I really don’t understand the new way of pointing out certificates with:
set vpn openconnect ssl ca-certificate <pki-ca-name>
set vpn openconnect ssl certificate <pki-cert-name>
What should pki-ca-name be for the Let’s Encrypt R3 certificate? (It contains a single quote that is not accepted.)
Where do the certificates need to be placed for the config to find them?
If I try to “guess”/“test” the names (I just tried R3 for pki-ca-name and my FQDN for pki-cert-name) and do a commit, I get the error message: “PKI not configured”.
Is there someone who has this working with the new way of pointing out certificates? Pointing at files was a bit clearer to me.
In my case, the file /etc/letsencrypt/live/replace.this.with.your.name/privkey.key has its header as -----BEGIN EC PRIVATE KEY-----, but VyOS only supports -----BEGIN PRIVATE KEY-----, so, if you’re like me, you have to convert it first,
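
The conversion this reply refers to, as an added example that is not part of the original post: it rewrites a SEC1 key (-----BEGIN EC PRIVATE KEY-----) as unencrypted PKCS#8 (-----BEGIN PRIVATE KEY-----) with openssl pkcs8 and confirms the public key is unchanged. The function name to_pkcs8 and the input/output paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# to_pkcs8 is a hypothetical helper name; both paths are supplied by the caller.
# Usage: to_pkcs8 <input-key.pem> <output-key.pem>

to_pkcs8() {
    in=$1
    out=$2

    # Decide what to do from the PEM header on the first line.
    header=$(head -n 1 "$in") || return 1
    case "$header" in
        "-----BEGIN PRIVATE KEY-----")
            echo "already PKCS#8, nothing to convert" >&2
            return 0 ;;
        "-----BEGIN EC PRIVATE KEY-----")
            ;;  # SEC1 EC key: convert below
        *)
            echo "unexpected PEM header: $header" >&2
            return 1 ;;
    esac

    # umask 077 so the new private key file is readable by its owner only.
    # -topk8 writes PKCS#8; -nocrypt leaves it unencrypted (no passphrase).
    ( umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$out" ) || return 1

    # Same key material? Compare the public keys derived from both files.
    pub_in=$(openssl pkey -in "$in" -pubout) || return 1
    pub_out=$(openssl pkey -in "$out" -pubout) || return 1
    if [ "$pub_in" != "$pub_out" ]; then
        echo "public key mismatch after conversion" >&2
        rm -f "$out"
        return 1
    fi

    # Print the new header so the caller can see the result.
    head -n 1 "$out"
}

# Run as a script when two arguments are given.
if [ "$#" -eq 2 ]; then
    to_pkcs8 "$1" "$2"
fi
```

The converted file holds the same private key in a different container format, so it needs the same protection as the original.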