Do the acme certificates replace those generated by easyrsa, or are both still needed?

I have a new openBalena server running. I used the “-c” option with the quickstart script and this is working fine. But I noticed that it still generated all the certificates under config/certs as it did without the -c option. Also, I see that the acme certs are mounted and used by haproxy, but the vpn container references the OPENBALENA_VPN_* variables which contain cert info from config/certs.

So, my question is, are the acme certificates sufficient for everything themselves, or are they only used for some things, while the VPN (openvpn) still requires the certs under config/certs? Basically, I would like to know if acme will handle all my certificate renewals for everything, or if I will have to renew those certs under config/certs as well.


We also use ACME and the VPN server certificate on one of our Open Balena servers expired recently. After digging into the code I found out you have to manually renew the VPN certificates after 2 years.
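
Since the reply above reports a VPN server certificate expiring on a server that uses ACME, here is an expiry check for the certificates under config/certs. It is an added example, not part of either post and not openBalena's own tooling. It assumes the certificates are PEM files with a `.crt` extension somewhere below the directory you pass in; `check_certs` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: flag certificates that expire soon so they can be renewed
# by hand before clients start failing.
# Assumption: PEM certificates named *.crt below the given directory.
# Usage (from the openBalena checkout): check_certs config/certs 60

# check_certs DIR [DAYS]
# Prints one status line per certificate.
# Returns 0 if none expire within DAYS (default 30), 1 if any do,
# 2 if DIR is missing or a temp file cannot be created.
check_certs() {
    dir=$1
    days=${2:-30}
    secs=$((days * 86400))
    rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    tmp=$(mktemp) || return 2
    find "$dir" -type f -name '*.crt' > "$tmp"
    # Read the list from a file so the loop runs in this shell and rc survives.
    while IFS= read -r crt; do
        end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null) || {
            echo "SKIP   $crt (not a readable PEM certificate)"
            continue
        }
        # -checkend exits non-zero if the certificate expires within $secs
        # seconds, which also covers certificates that have already expired.
        if openssl x509 -in "$crt" -noout -checkend "$secs" >/dev/null 2>&1; then
            echo "OK     $crt $end"
        else
            echo "RENEW  $crt $end"
            rc=1
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$rc"
}
```

Run from cron, the non-zero exit status can drive an alert well ahead of the expiry date.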