diff --git a/bin/ovpn_initpki b/bin/ovpn_initpki
index 14b8ec9..1f132f4 100755
--- a/bin/ovpn_initpki
+++ b/bin/ovpn_initpki
@@ -15,15 +15,19 @@ source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
 nopass=$1
 
+# Download EasyRSA because Ubuntu doesn't have it as a CLI command
+wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz
+tar xvf EasyRSA-3.0.4.tgz
+
 # Provides a sufficient warning before erasing pre-existing files
-easyrsa init-pki
+~/EasyRSA-3.0.4/easyrsa init-pki
 
 # CA always has a password for protection in event server is compromised. The
 # password is only needed to sign client/server certificates.  No password is
 # needed for normal OpenVPN operation.
-easyrsa build-ca $nopass
+~/EasyRSA-3.0.4/easyrsa build-ca $nopass
 
-easyrsa gen-dh
+~/EasyRSA-3.0.4/easyrsa gen-dh
 openvpn --genkey --secret $EASYRSA_PKI/ta.key
 
 # Was nice to autoset, but probably a bad idea in practice, users should
@@ -37,7 +41,7 @@ openvpn --genkey --secret $EASYRSA_PKI/ta.key
 #fi
 
 # For a server key with a password, manually init; this is autopilot
-easyrsa build-server-full "$OVPN_CN" nopass
+~/EasyRSA-3.0.4/easyrsa build-server-full "$OVPN_CN" nopass
 
 # Generate the CRL for client/server certificates revocation.
-easyrsa gen-crl
+~/EasyRSA-3.0.4/easyrsa gen-crl