Just came across this when trying to add access to a new OpenVPN client. After a lot of rooting around I discovered that
keys/ca.key, although the file existed, had been zeroed out.
Pretty sneaky, Sis.
Had to generate a new ca.key and then build new certs for all existing clients.