Changing Domain Name for Pritunl UI - Impact on VPN Client Configurations?

Hello,

I need to change the domain name I use to access my Pritunl web UI (e.g., from vpn.olddomain.com to vpn.newdomain.com), which means I’ll also need a new Let’s Encrypt certificate for the new domain.

My Setup:

  • Enterprise subscription

  • Pritunl version: v1.32.4400.99

  • OS: Oracle Linux

  • Current domain: old.domain.com

  • New domain: new.domain.com

  • Number of VPN users/peers: 50+

  • Setup: HA

My Questions:

  1. Will changing the UI domain name affect my VPN clients’ ability to connect?
    I’m specifically concerned whether:

    • Clients will need new configuration files

    • Existing client certificates will remain valid

  2. What’s the correct procedure for this change?

I want to ensure VPN connectivity isn’t disrupted when I make this change.

Thanks for any guidance!

The Pritunl Client doesn’t need valid HTTPS certificates; the requests are encrypted and authenticated with a combination of SHA512-HMAC, NaCl and RSA. Also, the domain in the top right settings is not stored in the client configuration. The public address and sync address in the hosts tab are used.

Hi @zach ,

If I understand your answer correctly, it should be safe to change the Let’s Encrypt domain in the top right Settings tab and this will not affect my users/peers in any way, is that correct?
I haven’t set either the public address or the sync address in the host tab because I’m not using load balancers, and if I correctly understand the hint that pops up when you mark the box, the host public address should be used by default.
Besides the Pritunl Client, we are also using the OVPN client.

Thank you!

No, that will not affect the clients even if a different VPN client is used.

I did this recently, as the server hostname used to be on a split DNS zone, which was not the best idea (internal vs external DNS).

Created the new domain and pointed it at the IP of the server, set the hostname in the host tab as zach mentioned above, and on the next authentication the clients updated/synced their config.

Once we knew everyone had connected at least once, we retired the old hostname.

We had one user who is not using the Pritunl client (ARM Mac running Asahi Linux), so they had to re-download their config.

We use a load balancer which handles the TLS, so we didn’t have to worry about that change.
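An added example, not part of the original thread: before retiring an old hostname as described in the last reply, exported OpenVPN profiles used by third-party clients can be checked for standard `remote` directives that still name it. The sample profile is constructed, the hostnames are the placeholders from the question, and the function names are hypothetical.

```python
import re

# Constructed sample profile; hostnames are the placeholders from the thread.
SAMPLE_PROFILE = """\
# exported profile (constructed sample)
client
dev tun
remote old.domain.com 1194 udp
remote new.domain.com 1194 udp  # secondary
<connection>
remote OLD.domain.com. 443 tcp
</connection>
;remote old.domain.com 1195 udp
<ca>
remote old.domain.com not-a-directive
</ca>
"""

TAG = re.compile(r"^<(/?)([\w-]+)>$")

def active_remotes(profile_text):
    """Return [(line_no, host, port, proto)] for each active `remote` directive."""
    found, skipping = [], None
    for line_no, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        tag = TAG.match(line)
        if skipping:  # inside <ca>, <key>, ...: inline file data, not directives
            if tag and tag.group(1) and tag.group(2) == skipping:
                skipping = None
            continue
        if tag:
            # <connection> holds ordinary directives; other blocks are opaque.
            if not tag.group(1) and tag.group(2) != "connection":
                skipping = tag.group(2)
            continue
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":  # assumption: a token starting with # or ; begins a comment
                break
            tokens.append(tok)
        if len(tokens) >= 2 and tokens[0] == "remote":
            host = tokens[1].lower().rstrip(".")  # DNS names are case-insensitive
            found.append((line_no, host, *(tokens[2:4] + [None, None])[:2]))
    return found

def stale_remotes(profile_text, retired_host):
    """Active `remote` entries that still point at the hostname being retired."""
    retired = retired_host.lower().rstrip(".")
    return [r for r in active_remotes(profile_text) if r[1] == retired]

if __name__ == "__main__":
    for line_no, host, port, proto in stale_remotes(SAMPLE_PROFILE, "old.domain.com"):
        print(f"line {line_no}: remote {host} {port} {proto} uses the retired name")
```

Any profile that reports a stale entry belongs to a user who needs a fresh export before the old DNS record is removed.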