Thanks for your help! Hmmm, okay but this looks like a lot of overhead compared to the idea that froxlor could just create the files like root:ssl-cert, doesn't it? Just a guess: wasn't it the intention to create them like that? I mean since the directory froxlor-custom is owned like that? In my eyes this would be a powerful feature working out of the box like: just add your user to the group "ssl-cert" and you are ready to reuse the (automatically updated) certificates, yay! ... ?
Edit: or simply a new group like "froxlor-cert"