I got StrongSwan working with Let’s Encrypt. It’s a good idea, since it makes the client work with no extra software or certificates to install. Here’s my documentation of the method I used: https://dc77312.wordpress.com/2019/02/01/strongswan-with-lets-encrypt-ssl-certificate-for-server/
Derek. On Fri, Feb 1, 2019 at 5:40 AM, Glen Huang <hey...@gmail.com> wrote: > I’m trying to use the certificate generated by letsencrypt for my ikev2 > vpn, and I use swanctl.conf > > I copied either cert.pem or fullchain.pem to swanctl/x509 as cert.pem, and > specify certs.pem to local.certs. When starting charon, it fails with > > loading ‘/path/to/cert.pem’ failed: parsing X509 certificate failed > > It seems swanctl doesn’t directly support the certificate generated > by letsencrypt? Is it possible to convert manually? > > Another quick question, if I name the pem file as mydomain.com.pem, charon > fails with invalid syntax for certs, and it also fails with the same reason > if I put it in a subfolder in x509 and specify mydomain.com/cert.pem to > certs. Does that main cert file shouldn’t contain more than two dots in the > file name? And subfolder isn’t supported? > > Thanks a lot. >