2 files changed, 13 insertions, 1 deletions

diff --git a/modules/certbot/files/generate-pfx b/modules/certbot/files/generate-pfx
new file mode 100644
index 0000000..62d2258
--- /dev/null
+++ b/modules/certbot/files/generate-pfx
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+cd "$RENEWED_LINEAGE"
+openssl pkcs12 -export -out identity.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
diff --git a/modules/certbot/manifests/init.pp b/modules/certbot/manifests/init.pp
index 39102ff..917e8a6 100644
--- a/modules/certbot/manifests/init.pp
+++ b/modules/certbot/manifests/init.pp
@@ -31,10 +31,16 @@ class certbot($config_dir=undef) {
     "${_config_dir}/renewal-hooks/deploy":
       ensure => directory,
       require => File["${_config_dir}/renewal-hooks"];
-    "${_config_dir}/renewal-hooks/deploy/reload-cert":
+    "${_config_dir}/renewal-hooks/deploy/00-generate-pfx":
+      source => 'puppet:///modules/certbot/generate-pfx',
+      mode => '0755',
+      require => File["${_config_dir}/renewal-hooks/deploy"];
+    "${_config_dir}/renewal-hooks/deploy/10-reload-cert":
       source => 'puppet:///modules/certbot/reload-cert',
       mode => '0755',
       require => File["${_config_dir}/renewal-hooks/deploy"];
+    "${_config_dir}/renewal-hooks/deploy/reload-cert":
+      ensure => absent;
     "/usr/local/bin/bootstrap-certbot":
       source => 'puppet:///modules/certbot/bootstrap-certbot',
       mode => '0755';