Script to renew Let's Encrypt certificate and then replace certificate on OpenVPN server

certrenew.sh

#!/bin/bash

(
DOMAIN="vpn.example.com"

set -eu

certbot renew -q

/usr/local/openvpn_as/scripts/sacli stop

/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem`"

/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /etc/letsencrypt/live/$DOMAIN/privkey.pem`" > /dev/null

/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /etc/letsencrypt/live/$DOMAIN/cert.pem`"

/usr/local/openvpn_as/scripts/sacli start
)