CU 175 - How to update OpenVPN OpenSSL 1 to 3? (edited title)

Thanks for the help @bonnietwin and @cfusco !

So, I did this after updating to Core-Update 175

0. Stop OpenVPN server
Click the “Stop OpenVPN Server” button. Otherwise we can’t save or delete old certificates.

1. Settings
Global Settings
Protocol: UDP
MTU size: 1500

EDIT: With MTU 1500 I got OpenVPN latency problems. When I instead tried 1360, all problems went away. More info here: OpenVPN latency problem (was: Can ISP or Router prevent access via OpenVPN to some private not secure sites? Or is it my settings?) - #2 by cfusco

Destination port: 1194
Hash algorithm: SHA2 (512 bit)
Encryption: AES-GCM (256 bit)
TLS Channel Protection: True

Click the “Save” button

2. Take notes of client info
This is the most important step.

Take note of any settings or names/remarks you want to use for the client connections when you remake them.

All these will be cleared out when you remove the x509.

3. Remove x509
Click the “Remove x509” button and then confirm you want to delete it.

4. Create new root/host certificates
Click “Generate root/host certificates” button
Fill in the form and then click the “Generate root/host certificates” button

If you need help, see here: wiki.ipfire.org - Generate Server certificates and keys

5. Start OpenVPN server
Click the “Start OpenVPN Server” button

6. Recreate files for clients
Under “Connection Status and -Control”, click the “Add” button and recreate the clients you took notes of in step 2.

If you need help, see here: wiki.ipfire.org - Client configuration

7. Make a backup
Go to the menu System - Backup and create a new backup.

This will then have the new x509/client configs etc stored in it.

Do not restore from any backup made before you removed the x509, otherwise that will restore the old x509 plus the old client connections.
