Created
October 21, 2018 07:02
#!/bin/bash
# update-openvpn-certs.sh
/usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/<YOUR DOMAIN NAME>/privkey.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/<YOUR DOMAIN NAME>/fullchain.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/<YOUR DOMAIN NAME>/chain.pem" ConfigPut
/usr/local/openvpn_as/scripts/sacli start
Thanks for that, you just helped me out :)
Alright, np. My fault was I was following your commands for about 2 hours until I figured out that the fullchain is not needed but instead the cert.pem. So the right commands would be:
./sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem" ConfigPut
./sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/YOUR_DOMAIN/cert.pem" ConfigPut
./sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/YOUR_DOMAIN/chain.pem" ConfigPut
./sacli start
But the easier way is to delete the certificates from the DB with the following commands:
./confdba -mk cs.ca_bundle
./confdba -mk cs.priv_key
./confdba -mk cs.cert
And then just link the certs to the /config/etc/web-ssl folder (directly from the letsencrypt folder, because if the renewal happens the links are still the same and everything still works without touching or making any pre- and post-hooks).
sudo ln -s -f /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem /usr/local/openvpn_as/etc/web-ssl/server.crt
sudo ln -s -f /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /usr/local/openvpn_as/etc/web-ssl/server.key
sudo ln -s -f /etc/letsencrypt/live/YOUR_DOMAIN/chain.pem /usr/local/openvpn_as/etc/web-ssl/ca.crt
I'm using openvpn-as in Docker, so the only thing I have to take care of now is to create the symlinks every time after I recreate the Docker container. The rest is automated by certbot already and I don't need pre or post hooks.
Cheers,
Moli
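The symlink mapping from the comment above, written as a check-and-repair script. This is an added example, not code from the gist or its commenters. `LIVE`, `WEBSSL` and the function names are assumptions, `YOUR_DOMAIN` is the placeholder used above, and `key_matches_cert` needs `openssl` on the PATH.

```shell
#!/bin/sh
# Added example (not from the gist): verify or repair the web-ssl symlinks.
# Defaults follow the paths on the page; YOUR_DOMAIN is a placeholder.
LIVE="${LIVE:-/etc/letsencrypt/live/YOUR_DOMAIN}"
WEBSSL="${WEBSSL:-/usr/local/openvpn_as/etc/web-ssl}"

# Mapping from the comment: Let's Encrypt file -> name under web-ssl.
PAIRS="cert.pem:server.crt privkey.pem:server.key chain.pem:ca.crt"

# Return 0 only if every link is a symlink to the live file and resolves.
check_links() {
    rc=0
    for pair in $PAIRS; do
        src="$LIVE/${pair%%:*}"; dst="$WEBSSL/${pair##*:}"
        if [ ! -L "$dst" ]; then
            echo "not a symlink: $dst" >&2; rc=1
        elif [ "$(readlink "$dst")" != "$src" ]; then
            echo "wrong target: $dst -> $(readlink "$dst")" >&2; rc=1
        elif [ ! -r "$dst" ]; then
            echo "dangling or unreadable: $dst" >&2; rc=1
        fi
    done
    return $rc
}

# Idempotently (re)create the links, e.g. after the container is recreated.
ensure_links() {
    for pair in $PAIRS; do
        ln -s -f "$LIVE/${pair%%:*}" "$WEBSSL/${pair##*:}" || return 1
    done
}

# Compare the certificate's public key with the one derived from the private key
# (requires openssl). Returns 0 on match, 1 on mismatch, 2 on a read error.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: script.sh check | repair   (no argument: only define the functions)
case "${1:-}" in
    check)  check_links && key_matches_cert "$WEBSSL/server.crt" "$WEBSSL/server.key" ;;
    repair) ensure_links && check_links ;;
esac
```

Running `repair` from the container's startup step covers the recreate case, and `check` gives a non-zero exit status that a monitoring job can alert on.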