[strongSwan] How to use letsencrypt certificate in swanctl?

Glen Huang heyhgl at gmail.com
Fri Feb 1 14:39:57 CET 2019

I’m trying to use the certificate generated by letsencrypt for my ikev2 vpn, and I use swanctl.conf

I copied either cert.pem or fullchain.pem to swanctl/x509 as cert.pem, and specify certs.pem to local.certs. When starting charon, it fails with

loading ‘/path/to/cert.pem’ failed: parsing X509 certificate failed

It seems swanctl doesn’t directly support the certificate generated by letsencrypt? Is it possible to convert manually?

Another quick question, if I name the pem file as mydomain.com.pem, charon fails with invalid syntax for certs, and it also fails with the same reason if I put it in a subfolder in x509 and specify mydomain.com/cert.pem <http://mydomain.com/cert.pem> to certs. Does that main cert file shouldn’t contain more than two dots in the file name? And subfolder isn’t supported?

Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190201/b54a3cfa/attachment.html>

More information about the Users mailing list