This can be used on any adaptation of AS on Linux but specific to Ubuntu
apt install certbot
Open port 80 in the security groups to the EC2 instance, this is for cert verification
certbot certonly --standalone --preferred-challenges http -d YOURDOMAIN.COM /usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/YOURDOMAIN/privkey.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/YOURDOMAIN/fullchain.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/YOURDOMAIN/chain.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli start touch /usr/local/sbin/YOURSCRIPTNAME.sh vi /usr/local/sbin/YOURSCRIPTNAME.sh
Then insert the code into the script
#!/bin/bash certbot renew — standalonesleep 3m /usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/YOURDOMAIN/chain.pem" ConfigPut /usr/local/openvpn_as/scripts/sacli start
Make it executable
chmod u+x /usr/local/sbin/YOURSCRIPTNAME.sh
Automate it with cron tab to auto renew the cert.
crontab -e
0 * 15 */2 * /usr/local/sbin/YOURSCRIPTNAME.sh