varac closed this issue 7 years ago
Renewing the cert was easily done by removing the old cert and doing a puppet run:
root@openvpn:/etc/openvpn/foobar# rm /etc/openvpn/foobar/keys/server.crt
root@openvpn:/etc/openvpn/foobar# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for openvpn.dfi.local
Warning: Passing port to firewall is deprecated and will be removed. Use dport and/or sport instead.
Info: Applying configuration version '1490607768'
Notice: /Stage[main]/Site_config::Openvpn/Openvpn::Server[foobar]/Exec[create server.crt for foobar]/returns: executed successfully
Info: Openvpn::Server[foobar]: Scheduling refresh of Class[Openvpn::Service]
Info: Class[Openvpn::Service]: Scheduling refresh of Service[openvpn]
Notice: /Stage[main]/Openvpn::Service/Service[openvpn]: Triggered 'refresh' from 1 events
Notice: Applied catalog in 4.75 seconds
root@openvpn:/etc/openvpn/foobar# openssl x509 -noout -subject -dates -in /etc/openvpn/foobar/keys/server.crt
subject= /C=DE/ST=Hamburg/L=Hamburg/O=ThoughtWorks/OU=IT/CN=foobar_server/name=foobar/emailAddress=root@openvpn.dfi.local
notBefore=Mar 27 09:42:55 2017 GMT
notAfter=Mar 27 09:42:55 2018 GMT
@anikarni I removed the label Tech Debt in favor of Infrastructure, because imo this is a regular task we need to do once a year. Hope you agree.
btw, I updated the docs: https://github.com/pixelated/project-issues/wiki/VPN#renewing-server-certificate
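Since the renewal recurs once a year, the `openssl x509 -noout -dates` output shown earlier in the thread can be checked ahead of time so the certificate is flagged before it lapses. The following is an added example, not part of the thread or the project's code; the function names and the 30-day warning threshold are assumptions.

```python
"""Expiry check for the dates printed by `openssl x509 -noout -dates`."""
import subprocess
import sys
from datetime import datetime, timezone

OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # e.g. "Mar 27 09:42:55 2018 GMT"


def parse_dates(openssl_output):
    """Return (not_before, not_after) as aware UTC datetimes."""
    found = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            found[key] = datetime.strptime(value.strip(), OPENSSL_FMT).replace(tzinfo=timezone.utc)
    if len(found) != 2:
        raise ValueError("notBefore/notAfter not found in openssl output")
    return found["notBefore"], found["notAfter"]


def renewal_status(openssl_output, now, warn_days=30):
    """Return (state, whole days until notAfter); warn_days is an assumed threshold."""
    not_before, not_after = parse_dates(openssl_output)
    days_left = (not_after - now).days
    if now < not_before:
        return "NOT_YET_VALID", days_left
    if now >= not_after:
        return "EXPIRED", days_left
    if days_left < warn_days:
        return "RENEW_SOON", days_left
    return "OK", days_left


def check_file(path, warn_days=30):
    """Run the same openssl command as in the thread against a cert file."""
    out = subprocess.run(["openssl", "x509", "-noout", "-dates", "-in", path],
                         check=True, capture_output=True, text=True).stdout
    return renewal_status(out, datetime.now(timezone.utc), warn_days)


# Date lines copied from the openssl output in the thread above
SAMPLE = "notBefore=Mar 27 09:42:55 2017 GMT\nnotAfter=Mar 27 09:42:55 2018 GMT\n"

if __name__ == "__main__":
    # With a cert path as argument, check that file; otherwise evaluate SAMPLE
    # at a constructed date. Exit code 0 means OK, 1 means action is needed.
    state, days = check_file(sys.argv[1]) if len(sys.argv) > 1 else renewal_status(
        SAMPLE, datetime(2018, 3, 1, tzinfo=timezone.utc))
    print(f"{state}: {days} days until notAfter")
    sys.exit(0 if state == "OK" else 1)
```

Run from cron or a monitoring agent with the certificate path as the argument, a non-zero exit code signals that the renewal steps from the thread are due.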
The openvpn server's cert is expired: