This can be used on any adaptation of AS on Linux but specific to Ubuntu


apt install certbot

Open port 80 in the security groups to the EC2 instance, this is for cert verification


certbot certonly --standalone --preferred-challenges http -d YOURDOMAIN.COM

/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/YOURDOMAIN/privkey.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/YOURDOMAIN/fullchain.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/YOURDOMAIN/chain.pem" ConfigPut
	
/usr/local/openvpn_as/scripts/sacli start
	
touch /usr/local/sbin/YOURSCRIPTNAME.sh
	
vi /usr/local/sbin/YOURSCRIPTNAME.sh

Then insert the code into the script


	
#!/bin/bash
	
certbot renew — standalonesleep 3m
	
/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem" ConfigPut
	
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem" ConfigPut

/usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/YOURDOMAIN/chain.pem" ConfigPut
	
/usr/local/openvpn_as/scripts/sacli start


Make it executable


	
chmod u+x /usr/local/sbin/YOURSCRIPTNAME.sh


Automate it with cron tab to auto renew the cert.


	
crontab -e
	
0 * 15 */2 * /usr/local/sbin/YOURSCRIPTNAME.sh