From 1a6a619f75dc5ccda9f149353a9ad231d4ec6966 Mon Sep 17 00:00:00 2001
From: liupengfeng <liupengfeng@springup.xyz>
Date: Fri, 4 Mar 2022 20:11:40 +0800
Subject: [PATCH] fix expire and revoke issue

---
 openvpn-install.sh | 6 ++++++
 1 file changed, 6 insertions(+)
 mode change 100755 => 100644 openvpn-install.sh

diff --git a/openvpn-install.sh b/openvpn-install.sh
old mode 100755
new mode 100644
index 64d8ed0..fd56bb8
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -4,6 +4,8 @@
 # Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Amazon Linux 2, Fedora, Oracle Linux 8, Arch Linux, Rocky Linux and AlmaLinux.
 # https://github.com/angristan/openvpn-install
 
+set EASYRSA_CERT_EXPIRE=3650
+
 function isRoot() {
 	if [ "$EUID" -ne 0 ]; then
 		return 1
@@ -779,6 +781,7 @@ group $NOGROUP
 persist-key
 persist-tun
 keepalive 10 120
+log-append /var/log/openvpn/openvpn.log
 topology subnet
 server 10.8.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
@@ -1184,6 +1187,9 @@ function revokeClient() {
 	sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
 	cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}
 
+	PATTERN="CN=$CLIENT$"
+	sed -i "/$PATTERN/d" /etc/openvpn/easy-rsa/pki/index.txt
+
 	echo ""
 	echo "Certificate for client $CLIENT revoked."
 }