I'am using OpenVPN-Bridge & PHPKi Contribs for many years without problems. Did you follow all contribs docs and recommendations? You have to issue a certificate for the server first (with CN=openvpn-bridge) and setup it correctly before issue certificates for the clients. In case this certificate expires you should renew it as well.
Certificate Details
(#100015)
openvpn-bridge <admin@fide-assist.com>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1048597 (0x100015)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BG, ST=SF, L=Sofia, O=Fidelitas Assistance Ltd., OU=Certificate Authority, CN=PHPki Certificate Authority/emailAddress=admin@fide-assist.com
Validity
Not Before: May 13 04:25:55 2019 GMT
Not After : May 12 04:25:55 2024 GMT
Subject: C=BG, ST=SF, L=Sofia, O=Fidelitas Assistance Ltd., O=21232f297a57a5a743894a0e4a801fc3, OU=VPN, CN=openvpn-bridge/emailAddress=admin@fide-assist.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b2:f1:01:d5:f4:77:f7:b8:14:68:eb:26:d6:00:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Server Authentication
Netscape Cert Type: critical
SSL Server
X509v3 Subject Key Identifier:
55:4D:87:97:9A:78:A8:43:98:98:F2:65:5E:66:E2:2C:53:E4:7E:30
X509v3 Authority Key Identifier:
keyid:58:52:CC:E2:DD:DA:9C:1D:1E:90:54:62:7C:16:79:53:CE:A1:15:8C
DirName:/C=BG/ST=SF/L=Sofia/O=Fidelitas Assistance Ltd./OU=Certificate Authority/CN=PHPki Certificate Authority/emailAddress=admin@fide-assist.com
serial:BE:C2:55:0D:3A:84:4D:5F
X509v3 Subject Alternative Name:
DNS:openvpn-bridge, email:admin@fide-assist.com
Signature Algorithm: sha1WithRSAEncryption
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----