
keychain-import.sh does not import the certificate with the private key properly #4

Open
cohortswitchback opened this issue Apr 1, 2022 · 1 comment

Comments

@cohortswitchback

The certificate gets added to Keychain Access.app, but it appears to be orphaned from its private key (which would normally show up underneath it). Conversely, when filtering to private keys, you can usually see the certificate underneath the key. Server.app won't show the certificate. Trying to pull it in manually won't work because it asks for the passphrase, which is presumably generated with `PASS=$(openssl rand -base64 45 | tr -d /=+ | cut -c -30)` and isn't stored.


cohortswitchback commented Apr 1, 2022

Screen Shot 2022-04-01 at 12 56 14 PM

This was after manually setting a password and manually transforming the PEM files into p12 format. I then manually added the cert to Server.app, and then it showed up properly in Keychain Access. This is on macOS 12.3.1.

My hunch is, both of these steps in the script are not completing all the way:

```sh
# Import the p12 file into the keychain
security import "${PEM_FOLDER}/letsencrypt_sslcert.p12" -f pkcs12 -k /Library/Keychains/System.keychain -P $PASS -T /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle/Contents/MacOS/servermgrd

# Delete the older certificate from the keychain
security delete-certificate -Z $(security find-identity -v -p ssl-server -s ${DOMAIN} | grep "1)" | cut -d " " -f 4) -t /Library/Keychains/System.keychain
```
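
A check that could run right after the `security import` step to catch the orphaned-certificate state reported in this issue. It is an added example, not code from keychain-import.sh or from the reporter. The function names `identity_hashes` and `check_import`, the sample output, and the assumption that the identity's displayed name equals the domain are all illustrative.

```sh
#!/bin/sh
# Added example, not part of keychain-import.sh. The sample output below is
# constructed: hashes and host names are made up.
SAMPLE_OUTPUT='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "old.example.com"
  2) FEDCBA9876543210FEDCBA9876543210FEDCBA98 "mail.example.com"
 11) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "mail.example.com"
     3 valid identities found'

# identity_hashes DOMAIN
# Read `security find-identity -v` output on stdin and print the SHA-1 hash of
# every identity whose quoted name is exactly DOMAIN (assumption: the name
# shown for the identity equals the domain).
identity_hashes() {
    awk -v want="\"$1\"" '
        # Identity lines look like:  N) <40 hex digits> "<name>" [status]
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 40 {
            name = $0
            sub(/^[^"]*/, "", name)        # drop index and hash
            sub(/"[^"]*$/, "\"", name)     # drop anything after the closing quote
            if (name == want) print $2
        }'
}

# check_import DOMAIN
# Succeed and print the hashes only if at least one identity for DOMAIN is
# listed. A certificate without its private key is not an identity, so the
# orphaned state described in this issue makes the check fail.
check_import() {
    hashes=$(identity_hashes "$1")
    if [ -z "$hashes" ]; then
        echo "no identity for $1: certificate missing or not paired with a key" >&2
        return 1
    fi
    printf '%s\n' "$hashes"
}

# On the server the input would come from the command the script already runs:
#   security find-identity -v -p ssl-server -s "$DOMAIN" | check_import "$DOMAIN"
printf '%s\n' "$SAMPLE_OUTPUT" | check_import mail.example.com
```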
