First you need certbot on your server.
Once you have that you need to stop OpenVPN service and run the following
service openvpnas stop
certbot certonly \
–standalone \
–non-interactive \
–agree-tos \
–email YOUR_CERTIFICATE_EMAIL \
–domains YOUR_DOMAIN \
–pre-hook ‘sudo service openvpnas stop’ \
–post-hook ‘sudo service openvpnas start’
In our case it’s
certbot certonly --standalone --non-interactive --agree-tos --email hostmaster@gozenhost.com --domains support.gozenhost.com --pre-hook 'service openvpnas stop' --post-hook 'service openvpnas start'
Before finish…let’s do one more step to ensure that OpenVPN uses the very last SSL always…even after we renew it.
ln -s -f /etc/letsencrypt/live/support.gozenhost.com/cert.pem /usr/local/openvpn_as/etc/web-ssl/server.crt
ln -s -f /etc/letsencrypt/live/support.gozenhost.com/privkey.pem /usr/local/openvpn_as/etc/web-ssl/server.key