Add support for P12 and PEM formats in bootstrapper and renewer

bootstrapper/Dockerfile

@@ -3,6 +3,8 @@ FROM smallstep/step-cli:0.26.0
 USER root
 ENV CRT="/var/run/autocert.step.sm/site.crt"
 ENV KEY="/var/run/autocert.step.sm/site.key"
+ENV P12="/var/run/autocert.step.sm/site.p12"
+ENV PEM="/var/run/autocert.step.sm/site.pem"
 ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
 
 COPY bootstrapper/bootstrapper.sh /home/step/

bootstrapper/bootstrapper.sh

@@ -8,24 +8,25 @@ then
 fi
 
 # Download the root certificate and set permissions
+step ca root $STEP_ROOT
+
 if [ "$DURATION" == "" ];
 then
     step ca certificate $COMMON_NAME $CRT $KEY
 else
     step ca certificate --not-after $DURATION $COMMON_NAME $CRT $KEY
 fi
-
-step ca root $STEP_ROOT
+cat $CRT $KEY > $PEM
+step certificate p12 $P12 $CRT $KEY --no-password --insecure --force
 
 if [ -n "$OWNER" ]
 then
-    chown "$OWNER" $CRT $KEY $STEP_ROOT
+    chown "$OWNER" $CRT $KEY $STEP_ROOT $P12 $PEM
 fi
 
 if [ -n "$MODE" ]
 then
-    chmod "$MODE" $CRT $KEY $STEP_ROOT
+    chmod "$MODE" $CRT $KEY $STEP_ROOT $P12 $PEM
 else
-    chmod 644 $CRT $KEY $STEP_ROOT
+    chmod 644 $CRT $KEY $STEP_ROOT $P12 $PEM
 fi
-

renewer/Dockerfile

@@ -3,6 +3,11 @@ FROM smallstep/step-cli:0.26.0
 USER root
 ENV CRT="/var/run/autocert.step.sm/site.crt"
 ENV KEY="/var/run/autocert.step.sm/site.key"
+ENV P12="/var/run/autocert.step.sm/site.p12"
+ENV PEM="/var/run/autocert.step.sm/site.pem"
 ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
 
-ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon $CRT $KEY"]
+COPY renewer/renewerexec.sh /home/step/
+RUN chmod +x /home/step/renewerexec.sh
+
+ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon --exec /home/step/renewerexec.sh $CRT $KEY"]

renewer/renewerexec.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+cat $CRT $KEY > $PEM
+step certificate p12 $P12 $CRT $KEY --no-password --insecure --force