[strongSwan] How to use letsencrypt certificate in swanctl?

Derek Cameron dcamero2016 at gmail.com
Fri Feb 1 20:18:58 CET 2019

I got StrongSwan working with Let’s Encrypt. It’s a good idea, since it
makes the client work with no extra software or certificates to install.
Here’s my documentation of the method I used:


On Fri, Feb 1, 2019 at 5:40 AM, Glen Huang <heyhgl at gmail.com> wrote:

> I’m trying to use the certificate generated by letsencrypt for my ikev2
> vpn, and I use swanctl.conf
> I copied either cert.pem or fullchain.pem to swanctl/x509 as cert.pem, and
> specify certs.pem to local.certs. When starting charon, it fails with
> loading ‘/path/to/cert.pem’ failed: parsing X509 certificate failed
> It seems swanctl doesn’t directly support the certificate generated
> by letsencrypt? Is it possible to convert manually?
> Another quick question, if I name the pem file as mydomain.com.pem, charon
> fails with invalid syntax for certs, and it also fails with the same reason
> if I put it in a subfolder in x509 and specify mydomain.com/cert.pem to
> certs. Does that main cert file shouldn’t contain more than two dots in the
> file name? And subfolder isn’t supported?
> Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190201/cf0dcb09/attachment.html>

More information about the Users mailing list