diff --git a/dns-pfx-helper/entrypoint.sh b/dns-pfx-helper/entrypoint.sh
new file mode 100644
index 0000000..210b89a
--- /dev/null
+++ b/dns-pfx-helper/entrypoint.sh
@@ -0,0 +1,20 @@
+!/usr/bin/env fish
+
+set cert_file ./mnt/in/priv-fullchain-bundle.pem
+set pfx_file ./mnt/out/cert.pfx
+set password $PFX_PASSWORD
+
+# touch $cert_file
+
+echo "pass: $password"
+
+# Initial conversion
+openssl pkcs12 -export -out $pfx_file -inkey $cert_file -in $cert_file -password pass:$password
+
+# Watch for changes and convert
+while true
+    inotifywait -e modify $cert_file
+    echo "refreshing key"
+    openssl pkcs12 -export -out $pfx_file -inkey $cert_file -in $cert_file -password pass:$password
+    sleep 1 # prevent failloop
+end
\ No newline at end of file