This repository has been archived by the owner on Mar 14, 2023. It is now read-only.

Improvement: allow producing "full chain certificate" #2

Open
myxal opened this issue Feb 13, 2022 · 0 comments
myxal commented Feb 13, 2022

Cheers. I just finished setting up an LXC container with NPM and certbun, and noticed that NPM uses only the full certificate chain, which certbun doesn't produce.
Producing the chain is not difficult, but there are some pitfalls:

  • User must know the order in which the certificates are concatenated.
  • The pem file for domain cert. does not end with a newline, requiring a manual fixup.

Additionally, if the server requires a full chain certificate to function, then the concatenation steps must be somehow squeezed into/before the "server restart" command.

Not sure how many people use certbun with NPM (as NPM already has a bundled Let's Encrypt generation/refresh tool), but I would have appreciated if certbun config had an optional setting like `fullchainCertLocation` where certbun would output the concatenated certificate chain. (Anyone not wishing to have the certificate could set it to /dev/null as I'm currently doing with the public key.)

In the meantime, I'm using the following commandToReloadWebserver to deal with NPM:

```bash
cat /tmp/domain.cert.pem <(echo) /tmp/intermediate.cert.pem > /data/custom_ssl/npm-1/fullchain.pem && rm /tmp/domain.cert.pem /tmp/intermediate.cert.pem && rc-service openresty restart
```
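The two pitfalls named in the issue (concatenation order and the missing trailing newline) can be handled in a small helper. This is an added example, not part of the original post and not certbun code; the function names are hypothetical and the file paths are whatever the caller passes in.

```bash
#!/usr/bin/env bash
# Added example (not certbun code). File paths are supplied by the caller.

# Print a PEM file so that it ends with exactly one newline.
# $(...) strips all trailing newlines; printf puts a single one back.
pem_with_newline() {
    printf '%s\n' "$(cat "$1")"
}

# Number of certificates in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# True when the leaf's issuer is the subject of the first certificate in
# the intermediate file. Requires the openssl CLI.
issuer_matches() {
    local iss sub
    iss=$(openssl x509 -in "$1" -noout -issuer) || return 1
    sub=$(openssl x509 -in "$2" -noout -subject) || return 1
    [ "${iss#issuer=}" = "${sub#subject=}" ]
}

# build_fullchain LEAF INTERMEDIATE OUT
# Writes LEAF followed by INTERMEDIATE (the order servers expect) to OUT.
build_fullchain() {
    local leaf="$1" intermediate="$2" out="$3" tmp
    [ "$(count_certs "$leaf")" -eq 1 ] || {
        echo "leaf file must contain exactly one certificate" >&2; return 1; }
    [ "$(count_certs "$intermediate")" -ge 1 ] || {
        echo "intermediate file contains no certificate" >&2; return 1; }
    # Write to a temp file next to the target and rename it, so the
    # web server never reads a half-written chain.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if { pem_with_newline "$leaf"; pem_with_newline "$intermediate"; } > "$tmp" \
        && chmod 644 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

With the paths from the post, this would be called as `issuer_matches /tmp/domain.cert.pem /tmp/intermediate.cert.pem && build_fullchain /tmp/domain.cert.pem /tmp/intermediate.cert.pem /data/custom_ssl/npm-1/fullchain.pem` before the restart, so a swapped or empty input stops the reload instead of installing a broken chain.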