From e57407420c502a5ff99d24218e9ac2c6dad62805 Mon Sep 17 00:00:00 2001
From: Nyr <me@nyr.be>
Date: Mon, 10 Mar 2025 20:44:36 +0100
Subject: [PATCH] Cleanup leftover files after client revocation

Closes #1134
---
 openvpn-install.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index b3cfba3..6e4085c 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -519,6 +519,8 @@ else
 				./easyrsa --batch revoke "$client"
 				./easyrsa --batch --days=3650 gen-crl
 				rm -f /etc/openvpn/server/crl.pem
+				rm -f /etc/openvpn/server/easy-rsa/pki/reqs/"$client".req
+				rm -f /etc/openvpn/server/easy-rsa/pki/private/"$client".key
 				cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
 				# CRL is read with each client connection, when OpenVPN is dropped to nobody
 				chown nobody:"$group_name" /etc/openvpn/server/crl.pem