lego provides PEM-encoded certificate bytes for us

config/letsencrypt/crypto.go

@@ -8,19 +8,6 @@ import (
 	"os"
 )
 
-// saveCertificate saves a DER-encoded (binary format) certificate
-// to file.
-func saveCertificate(certBytes []byte, file string) error {
-	pemCert := pem.Block{Type: "CERTIFICATE", Bytes: certBytes}
-	certOut, err := os.Create(file)
-	if err != nil {
-		return err
-	}
-	pem.Encode(certOut, &pemCert)
-	certOut.Close()
-	return nil
-}
-
 // loadRSAPrivateKey loads a PEM-encoded RSA private key from file.
 func loadRSAPrivateKey(file string) (*rsa.PrivateKey, error) {
 	keyBytes, err := ioutil.ReadFile(file)

config/letsencrypt/letsencrypt.go

@@ -144,7 +144,7 @@ func saveCertsAndKeys(certificates []acme.CertificateResource) error {
 		os.MkdirAll(storage.Site(cert.Domain), 0700)
 
 		// Save cert
-		err := saveCertificate(cert.Certificate, storage.SiteCertFile(cert.Domain))
+		err := ioutil.WriteFile(storage.SiteCertFile(cert.Domain), cert.Certificate, 0600)
 		if err != nil {
 			return err
 		}