-ssh root@$host bash <<EOF | $shell 'id -u | grep -xF 0 || s=sudo; $s tar xzv -C /etc/openvpn/client'
-set -eE -o pipefail
-
-server_dir=/etc/openvpn
-if [[ -e /etc/openvpn/server ]]; then
- server_dir=/etc/openvpn/server
-fi
-
-exists=true
-for x in /etc/openvpn/easy-rsa/keys/{$name.{crt,key},ca.crt}; do
- if [[ ! -e \$x ]]; then
- exists=false
- break
- fi
-done
-
-if ! \$exists; then
- cd /etc/openvpn/easy-rsa
- source vars >/dev/null
-
- { echo -e '\n\n\n\n\n'$common_name'\n\n\n\n\n'; sleep 2; echo -e 'y\ny\n'; } | ./build-key $name &>/dev/null
+if ! ssh root@$host bash -s -- $name $common_name < client-cert-helper \
+ | $shell 'id -u | grep -xF 0 || s=sudo; $s tar xzv -C /etc/openvpn/client'; then
+ echo ssh root@$host cat /tmp/vpn-mk-client-cert.log:
+ ssh root@$host cat /tmp/vpn-mk-client-cert.log
+ exit 1