I accidentally removed my OpenVPN ca.crt, ca.key, server.crt and server.key with the ./clean-all command. I didn't know that the server config (currently also the "signing machine") pointed to the easy-rsa/keys directory instead of to the certificates folder as we do on the clients. (I know it's stupid to not check this first, but that is too late now.)
For some reason the already connected devices stay connected. I can also connect new clients with the existing (old/currently deployed) certificates. I think this is because I did not restart the VPN service yet, isn't it? (I don't dare to restart the service now because I'm scared I can't access the clients anymore.)
Is there a way to get my ca.key so I can generate a new server.crt and server.key? (Or maybe to get the server.x back as well.) I still have the ca.crt, as it's available on the clients.
If I can't get my ca.key back, what is the best way to solve my issue? I suppose I need to:
- generate a new ca.crt and ca.key
- generate a new server certificate
- generate new client certificates
- distribute the new (client) certificates to the clients (as I can still reach them via VPN now)
- restart the VPN service on the clients (so they use the new certificate)
- restart the VPN service on the server so the new certificates become active (when I forget a client, it's "lost" from now on?)
It is important that I do not "lose" clients, as I need to drive a few hours to get access to some of the clients!