ad support for pfx files

[geosone]

some server for ex. emby or java require that the cert is in a pfx file
could you add an optin to the server that it woudl generate an pfx file out of the certs.

i have a dumb bash script that is handling the updates of the certs for now and would really like to replace them with your great software.

as you can see there is a password neede for creating an pfx file.

root@nginxproxymanager:/etc/letsencrypt/live# cat /etc/cron.daily/certs-bucket 
#!/usr/bin/env bash

PFX_PASSWORD=securepw
ENDPOINT_URL="https://minio........."

####################################################
set -e

RENEWED_DOMAINS=`ls /etc/letsencrypt/live/`
echo $RENEWED_DOMAINS
for domain in $RENEWED_DOMAINS; do
echo $domain
  DOMAINNAME=`openssl x509 -noout -text -in /etc/letsencrypt/live/$domain/cert.pem | grep DNS: | sed 's/^.*,//' | sed 's/^.*DNS://'`
  cat "/etc/letsencrypt/live/$domain/fullchain.pem" "/etc/letsencrypt/live/$domain/privkey.pem" > /tmp/$DOMAINNAME.pem
  openssl pkcs12 -export -out /tmp/$DOMAINNAME.pfx -inkey "/etc/letsencrypt/live/$domain/privkey.pem" -in "/etc/letsencrypt/live/$domain/cert.pem" -certfile "/etc/letsencrypt/live/$domain/chain.pem" -certfile "/etc/letsencrypt/live/$domain/fullchain.pem" -password pass:$PFX_PASSWORD
   # Just an example, you can use any non-sensitive storage medium you want
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/etc/letsencrypt/live/$domain/fullchain.pem" "s3://certs/$DOMAINNAME.fullchain"
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/etc/letsencrypt/live/$domain/chain.pem" "s3://certs/$DOMAINNAME.chain"
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/etc/letsencrypt/live/$domain/cert.pem" "s3://certs/$DOMAINNAME.crt"
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/etc/letsencrypt/live/$domain/privkey.pem" "s3://certs/$DOMAINNAME.key"
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/tmp/$DOMAINNAME.pem" "s3://certs/$DOMAINNAME.pem"
  aws --endpoint-url $ENDPOINT_URL s3 cp --follow-symlinks "/tmp/$DOMAINNAME.pfx" "s3://certs/$DOMAINNAME.pfx"
  rm -f /tmp/$DOMAINNAME.pem
  rm -f /tmp/$DOMAINNAME.pfx
done

[haxwithaxe]

I can see a post update hook on the server being a good idea. That won't happen soon but I'll add it to the todo list.

I will also add the ability to have the server send arbitrary file names to the todo list.

[geosone]

by the way coudl you also add needs_cert as we have a dumb system that can only handle the cert no chain. it erros out with "malformed certificate" some really old software i patched it too support newer ssl but the cert handling would be a complete rewrite.

[haxwithaxe]

I think I'll lump that in with the arbitrary file names. I'm glad to have the feedback. I've just been doing things I need/want. It's good to know how I can make this better for other people too.