Renewing expired OpenVPN users

Are you experiencing the CRL expiry issue bug that occurred in Core Update 186.

https://community.ipfire.org/t/log-summary-openvpn-no-crl-update/11816

https://community.ipfire.org/t/log-summary-openvpn-no-crl-update/11816/7

https://community.ipfire.org/t/log-summary-openvpn-no-crl-update/11816/11

If yes then you should follow the suggestions in that thread until,Core Update 187 is released as that has the fix for the lack of CRL update.

If you are referring to client certificates running out of their overall validity period, which by default is set to 2 years (730 days) then no there is currently no easy way to renew the certificate in a seamless way. The openssl certificate system doesn’t easily allow it.
There is a bug report raised for this and some steps have been taken to provide the info such as visibility of when the certificates will expire, but currently you still have to create new certificates and copy them to the client systems. The bug is still open and needs further work.
https://bugzilla.ipfire.org/show_bug.cgi?id=11742