This guide is for setting up an OpenVPN server on Ubuntu 18.04, there are some similarities between the 16.04 and 18.04 guides, mostly in the parts dealing with EasyRSA.

Start by logging into the OpenVPN machine and creating the certificate request for which the Certificate Authority will sign.

With a passcode:

$ cd ~/EasyRSA-3.0.x
$ ./easyrsa gen-req <cert_name>

Without a passcode:

$ cd ~/EasyRSA-3.0.x
$ ./easyrsa gen-req <cert_name> nopass

Copy the resulting file <cert_name>.key to the ~/client-configs/keys/ directory.

cp pki/private/<cert_name>.key ~/client-configs/keys/

Transfer the <cert_name>.req to the CA machine using whatever method you wish. I use SFTP from the CA machine to connect to the OpenVPN server and pull down the file.

On the CA machine, import the certificate request and generate the certificate.

cd EasyRSA-3.0.x/
./easyrsa import-req <cert_name>.req <cert_name>
./easyrsa sign-req client <cert_name>

Once completed, again using SFTP, copy the resulting <cert_name>.key to the ~/client-configs/files/ directory on the OpenVPN server. Now you can create the ovpn config file.

On the OpenVPN machine:

cd ~/client-configs
sudo ./make_config.sh <cert_name>

This will create the <cert_name>.ovpn file in ~/client-configs/files