1. 当前CA证书有效期是到 2029/11/04 [root@localhost ~]# cat /etc/openvpn/server/certs/ca.crt | openssl x509 -noout -enddate notAfter=Nov 4 09:23:29 2029 GMT
2. 当前服务器证书有效期是到 2022/10/22 [root@localhost ~]# cat /etc/openvpn/server/certs/server.crt | openssl x509 -noout -enddate notAfter=Oct 22 09:24:05 2022 GMT

3.当前客户端证书有效期是到 2022/10/22

[root@client ~]:/etc/openvpn# cat /etc/openvpn/client.crt | openssl x509 -noout -enddate notAfter=Oct 22 09:52:47 2022 GMT

 4.所以2022/10/22之前需要更新延期 服务器证书server.crt和客户端证书client.crt

5. ./easyrsa renew client nopass 和 ./easyrsa renew server nopass

[root@localhost 3]# ./easyrsa renew client nopass

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017

Please confirm you wish to renew the certificate with the following subject:

subject= commonName = client

Type the word 'yes' to continue, or any other input to abort. Continue with renew: yes

Easy-RSA error:

Certificate expires in more than 30 days. Renewal not allowed.

6. renew 证书需要在证书到期前的30天内，否则renew not allowed。
7. EASYRSA_CERT_EXPIRE=36500 ./easyrsa renew server nopass EASYRSA_CERT_EXPIRE=36500 ./easyrsa renew vc nopass