From 43b5ea801f4baa162f921769317a6a8ad85576a0 Mon Sep 17 00:00:00 2001
From: neil <neilgit@neilpang.com>
Date: Sun, 21 Apr 2024 11:21:45 +0200
Subject: [PATCH] convert to pkcs12 when renewal fix
 https://github.com/acmesh-official/acme.sh/issues/3474#issuecomment-2058126129

---
 acme.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/acme.sh b/acme.sh
index 1fa47989..d154cf77 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1430,6 +1430,9 @@ _toPkcs() {
   else
     ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca"
   fi
+  if [ "$?" == "0" ]; then
+    _savedomainconf "Le_PFXPassword" "$pfxPassword"
+  fi
 
 }
 
@@ -5338,6 +5341,12 @@ $_authorizations_map"
   _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr"
   _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
 
+  #convert to pkcs12
+  if [ "$Le_PFXPassword" ]; then
+    _toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$Le_PFXPassword"
+  fi
+  export CERT_PFX_PATH
+
   if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
     _savedomainconf "Le_RealCertPath" "$_real_cert"
     _savedomainconf "Le_RealCACertPath" "$_real_ca"