
OpenVPN Request for Certificate timing out

Answer

A customer asked:

> afternoon everyone... hoping someone has a few minutes to answer some questions about deploying openvpn in multi-account. we are currently building the openvpn server in the shared account (using packer variables file applied to the packer file in aws-service-catalog module) deploying the openvpn server into the dev account... everything appears to stand up correctly. when running openvpn-admin to request certificate for user... the request hits SQS... but the openvpn-admin eventually just times out

r:terraform-aws-openvpn

---

[Tracked in ticket #109184](https://support.gruntwork.io/hc/requests/109184)

We’ve seen this happen a few times when the OpenVPN server runs on a small instance type (e.g., `t3.micro`): the instance struggles to initialize the TLS certificates because it lacks compute and memory. You can typically detect this by looking at the system log for the EC2 instance, using either the AWS web console or the CLI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output); the last log entry will be a really long string of `…..++--- .` If this is indeed the cause, you can typically resolve it by relaunching the instance using a larger type (e.g., `c4.large`), and then rotating it to the smaller size once it successfully initializes.
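One way to script the log check described above, as an added example that is not part of the original answer. The function names, the `MIN_RUN` threshold, the script name and the sample logs are assumptions made up for illustration; it also assumes the whole last line consists of the progress characters.

```shell
#!/bin/sh
# Added example: does an EC2 console log end in the long progress line
# that indicates the instance is still initializing its certificates?
# Fetch the log first (instance id is a placeholder):
#   aws ec2 get-console-output --instance-id <INSTANCE_ID> --latest --output text > console.log

MIN_RUN=40   # assumption: shortest run that counts as "really long"

# Print the last non-blank line of the log on stdin, with carriage
# returns removed and the Unicode ellipsis expanded to three dots.
last_console_line() {
  tr -d '\r' | sed 's/…/.../g' | awk 'NF { last = $0 } END { print last }'
}

# Succeed when the last line, ignoring spaces, is at least MIN_RUN
# characters long and contains nothing but '.', '+' and '-'.
stuck_initializing_certs() {
  line=$(last_console_line | tr -d ' ')
  [ "${#line}" -ge "$MIN_RUN" ] || return 1
  case $line in
    *[!.+-]*) return 1 ;;   # any other character: ordinary log text
  esac
  return 0
}

# Constructed sample logs (not real console output).
sample_stuck_log() {
  printf '%s\n' 'constructed: boot finished' 'constructed: starting init script' \
    '…..................................................++--- .'
}
sample_healthy_log() {
  printf '%s\n' 'constructed: boot finished' '.....++--- .' \
    'constructed: init script completed'
}

# Usage: sh check_console.sh console.log
if [ "$#" -eq 1 ]; then
  if stuck_initializing_certs < "$1"; then
    echo "last console line is a long progress run: instance may be too small"
  else
    echo "last console line is not a progress run"
  fi
fi
```

A positive result only says the log currently ends in the progress run; fetch the log again after a few minutes to confirm the instance has not moved past it.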