Export Traefik Certificates


Traefik saves its Let’s Encrypt certificates per default into a acme.json file. For each certificate it creates an object which includes the certificates and the private key. Those values are stored as a Base64 encoded string. These can be exported pretty easy through a bash script. I made my own version but took a lot from this stackoverflow question.


You will need to install these linux packages:

  • jq
  • openssl (optional)


Simply store your acme.json file and the getcertificates.sh script in the same directory and make sure you gave the file permission to be executed. The script will create a new directory called “certificates” for each domain it will store the certificate as a.cer and the private key as a .key file. You can choose to export as pfx as well.


# Requirements: you will need to install jq and maybe openssl

# creates a directory for all of your certificates
mkdir -p certificates/

# reads the acme.json file, please put this file in the same directory as your script
json=$(cat acme.json)

export_cer_key () {
    echo $json | jq -r '.[].Certificates[] | select(.domain.main == "'$1'") | .certificate' | base64 -d > certificates/$1.cer
    echo $json | jq -r '.[].Certificates[] | select(.domain.main == "'$1'") | .key' | base64 -d > certificates/$1.key

export_pfx () {
        openssl pkcs12 -export -out certificates/$domain.pfx -inkey certificates/$domain.key -in certificates/$domain.cer -passout pass: 

read -p "Do you want to export as .pfx file as well [y]?" REPLY

# iterates through all of your domains
for domain in $(echo $json | jq -r '.[].Certificates[].domain.main')
    if [[ $REPLY =~ ^[Yy]$ ]]
        export_cer_key "$domain"
        export_pfx "$domain"
        export_cer_key "$domain"

1 thought on “Export Traefik Certificates”

  1. Pingback: Route SSTP through a Traefik instance – R4UCH IT Blog

Leave a Comment

Your email address will not be published. Required fields are marked *