Local OpenVPN certificate expired

Dear Sirs,
Today I’ve lost access to all OpenVPN servers because (my assumption) the local (device-unique?) cert has expired.

Model: GL-AR750S-EXT Slate
Firmware: 3.215

SYSTEM LOG:
Sun Dec 18 10:54:11 2022 daemon.err openvpn[18---]: VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=Let's Encrypt, CN=R3, serial=[*HIDDEN*]
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: SIGHUP[soft,tls-error] received, process restarting
Sun Dec 18 10:54:15 2022 daemon.warn openvpn[18---]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: OpenVPN 2.5.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: library versions: OpenSSL 1.1.1n  15 Mar 2022
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: Restart pause, 2 second(s)
Sun Dec 18 10:54:17 2022 daemon.warn openvpn[18---]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 18 10:54:17 2022 daemon.warn openvpn[18---]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

It looks the same as “Expired OpenSSL Certificate Authority Fix”.

Could you please clarify:

  1. whether the software issue is still not solved,
  2. how it can be fixed.

Thank you in advance!

Did you try the fix (install the two packages) I posted in the ‘expired openssl certificate authority fix’ article that you referenced?

@thewizard yes, I did. After applying it and restarting the GL router, your solution helped with 1, but not all the public servers. I’ll search for some newly published .ovpn files and test them.

So,

  1. before the CA files have been applied, all vpngate/.ovpn tunnels failed to connect with an error or disconnected after a few seconds with cipher or CA errors,
  2. after the CA files have been applied, less than 30% of the tunnels are available, the rest of vpngate/.ovpn configs still fail to connect with cipher or CA errors,
  3. after both CA files were uninstalled and the router was restarted, access to both web interfaces (Admin Panel and LuCI) was permanently lost, and since I have no idea how to fix the problem through SSH, I had to reset the router to the default settings.
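
Added example, not part of any post in this thread: a POSIX shell/awk filter that sorts OpenVPN client log lines into the two failure families reported above (CA chain errors and cipher mismatches) and also flags the missing server-verification warning. The function names and output labels are made up for this illustration; the sample lines are abridged from the system log in the first post.

```sh
#!/bin/sh
# Added example, not from the thread: bucket OpenVPN client log lines by cause.
# On the router the input would be piped from the system log instead.

# Sample input: lines abridged from the SYSTEM LOG quoted in the first post.
sample_log() {
cat <<'EOF'
Sun Dec 18 10:54:11 2022 daemon.err openvpn[18---]: VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=Let's Encrypt, CN=R3, serial=[*HIDDEN*]
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: SIGHUP[soft,tls-error] received, process restarting
Sun Dec 18 10:54:15 2022 daemon.warn openvpn[18---]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
Sun Dec 18 10:54:15 2022 daemon.notice openvpn[18---]: Restart pause, 2 second(s)
Sun Dec 18 10:54:17 2022 daemon.warn openvpn[18---]: WARNING: No server certificate verification method has been enabled.
EOF
}

# Reads log lines on stdin, prints one label per finding and a final summary.
triage_openvpn_log() {
    awk -v q="'" '
    /VERIFY ERROR:/ {
        # depth=0 is the server leaf certificate, depth=1 is the CA that issued it
        depth = "?"; reason = "unknown"
        if (match($0, /depth=[0-9]+/)) depth = substr($0, RSTART + 6, RLENGTH - 6)
        if (match($0, /error=[^:]+/))  reason = substr($0, RSTART + 6, RLENGTH - 6)
        print "CA_CHAIN depth=" depth " reason=" reason
        ca++
    }
    /tls-error/ { print "TLS_RESTART"; tls++ }
    /DEPRECATED OPTION: --cipher set to/ {
        # the first single-quoted token on this line is the profile cipher
        split($0, part, q)
        print "CIPHER_NOT_IN_DATA_CIPHERS cipher=" part[2]
        cipher++
    }
    /No server certificate verification method/ { print "NO_SERVER_VERIFY"; noverify++ }
    END {
        printf "SUMMARY ca_chain=%d tls_restart=%d cipher=%d no_server_verify=%d\n", ca, tls, cipher, noverify
    }'
}

sample_log | triage_openvpn_log
```

A profile that produces `NO_SERVER_VERIFY` connects without checking the server certificate's role, which is what the `#mitm` link in the log warning is about.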