#!/bin/sh # 2021-07-23 https://roddie.digital # Check and regenerate OpenVPN CRL # Run as root # check location of crl grep "crl-verify" /etc/openvpn/server.conf read -p "Press Enter to continue ..." # check date of current crl echo "Checking /etc/openvpn/crl.pem ..." echo "" openssl crl -in /etc/openvpn/crl.pem -text | grep Next read -p "Press Enter to continue ..." # generate the new crl /etc/openvpn/easy-rsa/easyrsa gen-crl # copy it to the right location cp -v /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem # restart openvpn systemctl restart openvpn # check openvpn systemctl status openvpn # check the new expiry date echo "New expiry date:" echo "" grep "crl-verify" /etc/openvpn/server.conf