diff --git a/bootstrapper/Dockerfile b/bootstrapper/Dockerfile
index b2486a93..5fc5c878 100644
--- a/bootstrapper/Dockerfile
+++ b/bootstrapper/Dockerfile
@@ -3,6 +3,8 @@ FROM smallstep/step-cli:0.26.0
 USER root
 ENV CRT="/var/run/autocert.step.sm/site.crt"
 ENV KEY="/var/run/autocert.step.sm/site.key"
+ENV P12="/var/run/autocert.step.sm/site.p12"
+ENV PEM="/var/run/autocert.step.sm/site.pem"
 ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
 COPY bootstrapper/bootstrapper.sh /home/step/
diff --git a/bootstrapper/bootstrapper.sh b/bootstrapper/bootstrapper.sh
index 1b2d5f47..3dd9be3c 100644
--- a/bootstrapper/bootstrapper.sh
+++ b/bootstrapper/bootstrapper.sh
@@ -8,24 +8,25 @@ then
 fi
 # Download the root certificate and set permissions
+step ca root $STEP_ROOT
+
 if [ "$DURATION" == "" ]; then
 step ca certificate $COMMON_NAME $CRT $KEY
 else
 step ca certificate --not-after $DURATION $COMMON_NAME $CRT $KEY
 fi
-
-step ca root $STEP_ROOT
+cat $CRT $KEY > $PEM
+step certificate p12 $P12 $CRT $KEY --no-password --insecure --force
 if [ -n "$OWNER" ]
 then
-chown "$OWNER" $CRT $KEY $STEP_ROOT
+chown "$OWNER" $CRT $KEY $STEP_ROOT $P12 $PEM
 fi
 if [ -n "$MODE" ]
 then
-chmod "$MODE" $CRT $KEY $STEP_ROOT
+chmod "$MODE" $CRT $KEY $STEP_ROOT $P12 $PEM
 else
-chmod 644 $CRT $KEY $STEP_ROOT
+chmod 644 $CRT $KEY $STEP_ROOT $P12 $PEM
 fi
-
diff --git a/renewer/Dockerfile b/renewer/Dockerfile
index 0e3a9536..2ab6ced0 100644
--- a/renewer/Dockerfile
+++ b/renewer/Dockerfile
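Review bot: The new `$PEM` bundle and `$P12` both contain the private key, and the unchanged `else` branch applies `chmod 644` to them, so with no MODE set the key material is now world-readable in three files instead of one, and `--no-password --insecure` means the PKCS#12 has no passphrase protecting it either. The key-bearing files should default to a tighter mode than the public `$CRT`/`$STEP_ROOT`, e.g. `chmod 644 $CRT $STEP_ROOT` followed by `chmod 600 $KEY $P12 $PEM`, or at minimum the 644 default should be called out in a comment for operators who never set MODE. The added `cat` and `step certificate p12` lines also run unchecked: if either fails the script continues and the chown/chmod block masks the gap. The script head (and any `set -e` there) is outside the hunk, and the hunk's first `fi` closes an `if` that starts before it, so I could not confirm error handling from what is shown.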
@@ -3,6 +3,11 @@ FROM smallstep/step-cli:0.26.0
 USER root
 ENV CRT="/var/run/autocert.step.sm/site.crt"
 ENV KEY="/var/run/autocert.step.sm/site.key"
+ENV P12="/var/run/autocert.step.sm/site.p12"
+ENV PEM="/var/run/autocert.step.sm/site.pem"
 ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
-ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon $CRT $KEY"]
+COPY renewer/renewerexec.sh /home/step/
+RUN chmod +x /home/step/renewerexec.sh
+
+ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon --exec /home/step/renewerexec.sh $CRT $KEY"]
diff --git a/renewer/renewerexec.sh b/renewer/renewerexec.sh
new file mode 100644
index 00000000..ec72efaf
--- /dev/null
+++ b/renewer/renewerexec.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cat $CRT $KEY > $PEM
+step certificate p12 $P12 $CRT $KEY --no-password --insecure --force
\ No newline at end of file
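Review bot: The new ENTRYPOINT depends on a hook whose purpose is not stated anywhere in the Dockerfile; a comment above it such as `# --exec re-derives site.pem/site.p12 from the renewed cert and key; step ca renew refreshes only CRT/KEY` would spare the next reader a trip to renewerexec.sh. Whether `step ca renew --daemon` reports a non-zero exit from the hook is not visible from this hunk, so a failed regeneration could leave a stale bundle behind silently; worth confirming against the step-cli behaviour and noting the outcome next to the ENTRYPOINT.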
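Review bot: `cat $CRT $KEY > $PEM` truncates the existing bundle before the new contents are written, so a consumer that opens site.pem during a renewal can read an empty or partial file; writing to a temporary path and renaming it into place avoids that window. The script also sets no `set -e`, so a failed `cat` (for example an unreadable `$KEY`) still proceeds to the p12 step, and every expansion is unquoted, which costs nothing to fix even though the Dockerfile values contain no spaces. Unlike bootstrapper.sh, nothing here re-applies OWNER/MODE; if `step certificate p12 --force` replaces the file rather than truncating it in place, the regenerated p12 will carry the umask default and the renewer's uid, which I cannot confirm from this hunk but is worth checking against what the bootstrapper set.
```sh
#!/bin/sh
set -eu
tmp_pem="${PEM}.tmp"
cat "$CRT" "$KEY" > "$tmp_pem"
# rename is atomic; note it replaces the inode, so re-apply OWNER/MODE here if the bootstrapper's settings must survive renewal
mv -f "$tmp_pem" "$PEM"
step certificate p12 "$P12" "$CRT" "$KEY" --no-password --insecure --force
```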