From 7c2a31e4953f7d4734d880470ed1a18f77b27261 Mon Sep 17 00:00:00 2001
From: Ruben
Date: Tue, 8 Apr 2025 15:07:19 +0200
Subject: [PATCH] Split certificate and key into separate PEM files
---
 certman.sh | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/certman.sh b/certman.sh
index 41442fb..2ea59a1 100755
--- a/certman.sh
+++ b/certman.sh
@@ -87,7 +87,8 @@ download_and_verify_cert() {
 local key_api_key=$3
 local temp_cert="$TEMP_DIR/$domain.crt"
 local temp_key="$TEMP_DIR/$domain.key"
- local temp_fullchain="$TEMP_DIR/$domain.pem"
+ local temp_cert_pem="$TEMP_DIR/$domain.cert.pem"
+ local temp_key_pem="$TEMP_DIR/$domain.key.pem"
 echo -e "${BLUE}Processing certificate for $domain${NC}"
@@ -111,9 +112,10 @@ download_and_verify_cert() {
 return 1
 fi
- # Create fullchain PEM if requested
+ # Create PEM files if requested
 if [ "$FULLCHAIN_PEM" = "true" ]; then
- cat "$temp_cert" "$temp_key" > "$temp_fullchain"
+ cat "$temp_cert" > "$temp_cert_pem"
+ cat "$temp_key" > "$temp_key_pem"
 fi
 # Validate certificate and key match
@@ -137,10 +139,12 @@ install_certificate() {
 local domain=$1
 local final_cert="$CERT_PATH/$domain.crt"
 local final_key="$KEY_PATH/$domain.key"
- local final_fullchain="$CERT_PATH/$domain.pem"
+ local final_cert_pem="$CERT_PATH/$domain.cert.pem"
+ local final_key_pem="$KEY_PATH/$domain.key.pem"
 local temp_cert="$TEMP_DIR/$domain.crt"
 local temp_key="$TEMP_DIR/$domain.key"
- local temp_fullchain="$TEMP_DIR/$domain.pem"
+ local temp_cert_pem="$TEMP_DIR/$domain.cert.pem"
+ local temp_key_pem="$TEMP_DIR/$domain.key.pem"
 local needs_reload=0
 # Check if certificate needs updating
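Review bot: In the `@@ -111,9 +112,10 @@` hunk of download_and_verify_cert, `cat "$temp_key" > "$temp_key_pem"` writes a second copy of the private key with whatever mode the current umask gives, and neither redirect is checked for failure. How `$TEMP_DIR` is created is not visible here, so unless it is already restricted to the script's user, the key copy may be readable by other local accounts until cleanup. I would create it under a tight umask and stop on error, e.g. `( umask 077; cat "$temp_key" > "$temp_key_pem" ) || return 1`, and add `|| return 1` to the certificate copy as well. The function body starts and ends outside the hunk.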
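Review bot: In the `@@ -137,10 +139,12 @@` hunk of install_certificate, dropping `final_fullchain` means a `$CERT_PATH/$domain.pem` written by an earlier version is no longer updated or removed by the visible code. That file held the certificate and the private key together, so after an upgrade stale key material may remain in the certificate directory, and any service still configured to read it would keep loading the old pair. Consider a one-time cleanup next to the new install step, such as `rm -f -- "$CERT_PATH/$domain.pem"`, or at least a comment and a changelog entry telling operators to remove the file and repoint their configuration. The function continues outside the hunk.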
@@ -162,15 +166,15 @@ install_certificate() {
 fi
 if [ "$FULLCHAIN_PEM" = "true" ]; then
- if ! cp -f "$temp_fullchain" "$final_fullchain"; then
- echo -e "${RED}Failed to install fullchain PEM for $domain${NC}"
+ if ! cp -f "$temp_cert_pem" "$final_cert_pem" || ! cp -f "$temp_key_pem" "$final_key_pem"; then
+ echo -e "${RED}Failed to install PEM files for $domain${NC}"
 return 1
 fi
 fi
 # Set permissions and ownership
 local files=("$final_cert" "$final_key")
- [ "$FULLCHAIN_PEM" = "true" ] && files+=("$final_fullchain")
+ [ "$FULLCHAIN_PEM" = "true" ] && files+=("$final_cert_pem" "$final_key_pem")
 for file in "${files[@]}"; do
 if ! chown "$CERT_OWNER:$CERT_GROUP" "$file" || \
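Review bot: The chained `cp` condition in the `FULLCHAIN_PEM` branch can leave a mismatched pair on disk: if the first copy succeeds and the second fails, the new certificate sits next to the previous key and the function returns 1 without restoring anything. The key copy also lands in `$KEY_PATH` with cp's default mode until the ownership loop reaches it; that loop runs past the end of the hunk, so whether it tightens the mode is not visible from here. Staging both files under temporary names in their destination directories and renaming them only after both copies succeeded avoids the half-updated state, with the key staged under a restrictive umask. install_certificate starts before and ends after this hunk.

```shell
    if [ "$FULLCHAIN_PEM" = "true" ]; then
        # Stage both files next to their destinations, then rename, so a failed
        # copy never leaves a new certificate beside the previous key.
        if ! cp -f "$temp_cert_pem" "$final_cert_pem.new" || \
           ! (umask 077; cp -f "$temp_key_pem" "$final_key_pem.new") || \
           ! mv -f "$final_key_pem.new" "$final_key_pem" || \
           ! mv -f "$final_cert_pem.new" "$final_cert_pem"; then
            rm -f -- "$final_cert_pem.new" "$final_key_pem.new"
            echo -e "${RED}Failed to install PEM files for $domain${NC}"
            return 1
        fi
    fi
    # … unchanged: permissions and ownership loop …
```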