For some uses cases, it is interesting to have a concatenated cert/key file. This single file is mandatory in some services, like haproxy in version 1.8. We are using haproxy with TLS in T195217: Simplify ingress methods for PAWS
We don't have any puppet code to generate such file, which however should be rather easy to generate with something like $ cat file.cert file.key > concat.pem.
The generated file should be regenerated when the source original cert files change, and the generated filed should notify same puppet resources as the original cert files.