You could choose to put these OpenSSL commands in a script and then run that script as a --post-hook.
Using the DNS challenge is another, well, challenge. It depends on how you are going to make changes to your DNS zone, which depends on how your DNS is hosted. Certbot has historically not been very strong in this area, often requiring manual scripting, but recently one of the developers has added some improved support for DNS provider APIs which makes using Certbot with the DNS challenge more convenient in some cases. Still, the way to do it depends entirely on what you have to do to update your DNS records.
Thanks a lot for this answer.
Actually, the conversion problem is the least, for the moment.
I would like to request and export an certificate using the DNS challenge, interactively. The goal is not to automate the whole process.
I plan to make the changes and add the TXT records by hand, when requested by the wizard.
Review version 0.15.0 which now has automatic DNS handlers for some of the more popular DNS services
The command to use is openssl pkcs12 -export -out name of the .pfx file -inkey name of the private certificate key -in name of certificate -passout somepassword
I can give you a python script that looks for new certificates (outside of certbot) and creates PFX files for them.
I.e. look in
etc/live
Find New Certificates
Create PFXs
Put them somewhere