Posh ACME Versions Save

PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)

v4.23.0

1 week ago
  • Added support for DNSimple user tokens which should allow for certs with names that span domains in multiple accounts.
  • Added warning in GoDaddy guide about newly imposed limits on API access. (Thanks @webprofusion-chrisc)
  • Fixed DNSimple plugin not removing challenge records (#548).
  • Fixed cascading errors on public functions when running with little or no existing config. (#544)
  • Fixed OVH plugin on PowerShell 5.1 by removing an accidentally added ternary operator. (#545) (Thanks @joshooaj)

v4.22.0

1 month ago
  • New DNS plugin WebsupportSK. This will be useful to Active24 users who have been migrated to the new provider.
  • Added additional debug logging for Active24 plugin.

v4.21.0

2 months ago
  • New DNS plugin WEDOS
  • Fixed OVH bug that prevented record creation at a zone apex most common when using DNS Alias support. Also added doc warning about time skew and better debug logging. (#535)

v4.20.0

5 months ago
  • New DNS plugin PowerDNS
  • Fixed duplicate identifiers in the Domain parameter causing errors with some ACME servers. Identifiers will now be deduplicated prior to being saved and sent to the ACME server. (#517)
  • Added WSHDelayAfterStart param to the WebSelfHost plugin which adds a configurable delay between when the challenge listener starts up and when it asks the ACME server to validate the challenges. (#518)
  • Orders where the MainDomain is longer than 64 characters will not include a CN value in the Subject field of the certificate request sent to the ACME server. CNs longer than 64 characters were already being rejected by some CAs like Let's Encrypt because the x509 spec doesn't allow for it. More Info

v4.19.0

8 months ago
  • New DNS plugins
    • HurricaneElectricDyn This is an alternative to the existing HurricaneElectric plugin that uses the DynDNS API instead of web scraping. (Thanks @jbrunink)
    • ZoneEdit (#495)
  • The CSRPath parameter in New-PAOrder and New-PACertificate will now accept the raw string contents of a CSR file instead of just the path to a file. (#503)
  • The Simply plugin has been renamed to SimplyCom at the request of the provider. The new version is exactly the same. The old version will remain until the next major release. Users should update their renewal configs to use the new version to prevent future breakage. Set-PAOrder -Plugin SimplyCom
  • Added a workaround to a temporary problem with the Simply.com API in case the issue pops up again. (#502)
  • The Route53 plugin now uses IMDSv2 when using the IAM Role support. (#509)

v4.18.0

10 months ago
  • The POSHACME_HOME environment variable now supports Windows-style (surrounded by %) environment variable expansion. (#497)
    • So you can set the value to %ProgramData%\Posh-ACME instead of needing to set it explicitly to C:\ProgramData\Posh-ACME for example.
    • NOTE: This requires Windows-style environment variable strings even on non-Windows OSes.
  • The Azure plugin no longer tries to re-use cached authentication tokens when using the AZAccessToken parameter set. (#498)
  • Fixed a bug with the Azure plugin that broke authentication when submitting multiple orders with different credentials from different tenants. (#498)
  • Fixed a problem using Posh-ACME within AWS Lambda due to non-standard dotnet runtime assembly configs. (#418) (Thanks @garthmccormack)
    • This fix involved changing the RevocationReasons enum from a .NET type to a PowerShell native enum.
    • The change constitutes a minor breaking change which makes the enum no longer accessible from outside the module's context, but tab completion and string converted values for the Revoke-PACertificate -Reason parameter work exactly the same as before.

v4.17.1

1 year ago
  • Fixed Hetzner plugin for accounts with 100+ zones. (#481) (Thanks @Deutschi)
  • Fixed RFC2136 plugin ignoring the DDNSNameserver parameter when set. (#485) (Thanks @gvengel)

v4.17.0

1 year ago
  • New DNS plugins
    • Google Domains This should be considered experimental while the Google Domains ACME API is still in testing. (Thanks @webprofusion-chrisc)
    • IONOS (Thanks @RLcyberTech)
    • SSHProxy sends update requests via SSH to another server which is able to do dynamic updates against your chosen DNS provider. (Thanks @bretgiddings)
  • The DDNSNameserver parameter is no longer mandatory in the RFC2136 plugin which will make nsupdate try to use whatever primary nameserver is returned from an SOA query.
  • Added Basic authentication support to the AcmeDns plugin which should allow it to be used against endpoints that enforce that such as Certify DNS.
  • Added support for plugin parameters that are arrays of SecureString or PSCredential objects.
  • Fixed PAServer switches getting reset on Set-PAServer with no params (#475)

v4.16.0

1 year ago
  • New DNS plugins
  • Added -Subject parameter to New-PACertificate, New-PAOrder, and Set-PAOrder which will override the default x509 Subject field in the certificate request sent to the ACME CA. This can be useful for private CAs that allow for additional attributes in the Subject that public CAs don't.
  • Fix for undocumented NameSilo API change. (Thanks @rkone)
  • Fix for All-Inkl plugin that makes the plaintext KasPwd parameter actually send plaintext since All-Inkl has deprecated the SHA1 option.

v4.15.1

1 year ago
  • Reverted the embedded BouncyCastle library back to 1.8.8 due to version conflicts with Az.KeyVault in PowerShell 6+. This is temporary while a suitable workaround for version conflicts in other modules is explored.
  • Fixed Domeneshop plugin when publishing apex TXT records and added more API output to debug messages.