VyOS should not check the existence of` ca-cert-file` in config when using not self-signed certificates like certificates provided LetsEncrypt.
set vpn openconnect authentication local-users username user1 password 'user1' set vpn openconnect authentication mode 'local' set vpn openconnect network-settings client-ip-settings subnet '100.64.0.0/24' set vpn openconnect network-settings name-server '1.1.1.1' set vpn openconnect ssl cert-file '/etc/letsencrypt/live/domain.example.com/fullchain.pem' set vpn openconnect ssl key-file '/etc/letsencrypt/live/domain.example.com/privkey.pem' commit [ vpn openconnect ] openconnect ssl ca-cert-file required [[vpn openconnect]] failed Commit failed
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/vpn_openconnect.py#L76
Propose to exlude ca_cert_file from this list