Releases · rmbolger/Posh-ACME

The current ACME server directory endpoint is now refreshed on module import to ensure server changes are reflected before actions are performed. If the previously used ACME server is unreachable, a warning is thrown and previously cached data is used.
- This should fix anyone who is getting 404 errors when renewing Let's Encrypt certs due to an unannounced change to their ARI endpoint. Users can also fix this problem without upgrading by running Get-PAServer -Refresh.

Fixed param set resolution error with New-PACertificate when using CSRPath/CSRString params (#629)
Added workaround for non-compliant order response from KeyFactor ACME provider (#626)
Added additional logging to DuckDNS plugin (#628)
Tweaked debug output for ACME responses for better human readability

Fix Route53 plugin when used with AWS Tools for PowerShell 5.x (#627)

@Tim81

New DNS Plugins
- Netcup (#602)
- TransIP (#622) (Thanks @Tim81)
Added -IgnoreContact switch to Set-PAServer (#619)
- ALL USERS of LET'S ENCRYPT, this switch works around a bug that causes a new account to be created for every renewal after LE shut down their automated email warning service.
- This option causes the module to ignore any -Contact parameters in functions that support it when using the associated server.
- It will be enabled by default on new installs that use Let's Encrypt. But existing users will need to manually enable it OR simply stop using the -Contact parameter in your scripts when using Let's Encrypt ACME endpoints.
Added AZAccessTokenSecure param for Azure plugin (#618)
Added WinSkipCACheck switch to Windows plugin (#613)
Added WinNoCimSession switch to Windows plugin (#600) (Thanks @rhochmayr)
Fix: Changing an order's PfxPass no longer shows the new value in Verbose output (#604)
Fix: New-PACertificate no longer shows plaintext PfxPass in debug log (#604)
Fixed a bug in New-PACertificate that would unnecessarily create a new order when an existing unfinished order could have been continued
Fixed a couple minor bugs related to switching profiles when creating new orders that match existing orders.
Fix: Added a workaround for non-compliant order response from GoDaddy's ACME implementation (#611)
Fixed PowerDNS plugin when using limited API key that doesn't have access to all hosted zones (#617) (Thanks @joachimcarrein)
Removed the Warning message when creating a new ACME account with no -Contact parameter.

@jamiekowalczik

New efficient iP SOLIDserver DDI plugin. Thanks @jamiekowalczik for the initial PR and @alexissavin for providing a test platform and API guidance.
Experimental support for the new ACME Profiles extension. This is still a very early draft standard and subject to change, but Let's Encrypt is already rolling out support this year as part of their short-lived certificates initiative. More info here.
Fixed Route53 plugin when used with accounts that have many hosted zones. (#593)
Fixed a bug with DeSEC plugin that was caused by the previous fix for #584. (#598)
Added better debug logging for DeSEC plugin.
Azure cert thumbprint auth now works on Linux for certs in the "CurrentUser" store. (Thanks @Eric2XU)
Fixed a bug with Azure cert thumbprint auth on Windows that could throw errors when using certificates with non-exportable private keys.
Added better debug logging for Azure plugin.
AcmeException objects thrown by the module now include the lower level HTTP response exception as an InnerException.

@andreashaerter

New DNS Plugins
- INWX (Thanks @andreashaerter)
- EuroDNSReseller Check the guide on this one. It's only currently usable by reseller partners of EuroDNS and not direct EuroDNS customers. (Thanks @zoryatix)
Fixed WEDOS plugin to handle different response types for dns-domains-list API call (#579)
Publish-Challenge and Unpublish-Challenge now strip trailing . chars from the RecordName they pass to plugins in order to make edge-case parsing more predictable.
Added additional ARI related error handling in New-PAOrder to more gracefully handle problems with the replaces field. (#587)
Added additional error handling in the config import process to better deal with unexpected config states. (#587)
Fixed a bug in the plugin development guide code that suggests how to parse short names from a RecordName and ZoneName value. The bug wouldn't correctly parse the short name in FQDNs that contained more than one instance of the zone name. (#584)
Fixed all of the plugins that had implemented the bugged short name parsing algorithm.
- Active24
- Aliyun
- All-Inkl
- Aurora
- AutoDNS
- Azure
- BlueCat
- Bunny
- ClouDNS
- Combell
- Constellix
- CoreNetworks
- DMEasy
- DNSPod
- DNSimple
- DOcean
- DeSEC
- Domeneshop
- EasyDNS
- Easyname
- FreeDNS
- Gandi
- GoDaddy
- Hetzner
- IBMSoftLayer
- ISPConfig
- Infomaniak
- Linode
- Loopia
- NameCom
- NameSilo
- Namecheap
- OVH
- OnlineNet
- PointDNS
- Porkbun
- PortsManagement
- Regru
- Simply
- SimplyCom
- TencentDNS
- TotalUptime
- WEDOS
- WebsupportSK
- Windows
- Yandex

New DNS plugin AddrTools (#572)
Porkbun plugin updated with new API endpoint. Vendor decommissioning old endpoint on 2024-12-01. Please upgrade before then. (#570)
Porkbun plugin added retry mechanic to deal with rate limiting errors.
Fixed ARI related date parsing bug when using PowerShell 7+. (#578)

Fix Azure IMDS auth for Arc-enabled servers

@xiaotiannet

New DNS plugins
- TencentDNS which is a new plugin for DNSPod that uses the Tencent Cloud API which will eventually be required when the old DNSPod API is terminated. (#553) (Thanks @xiaotiannet)
- OnlineNet which is Scaleway's legacy DNS API managed through console.online.net. (#557)
Gandi plugin now supports Personal Access Tokens (PAT) auth in addition to legacy API Keys (#554)
NameCom plugin now has better error handling and debug logs. NameCom users with 2FA enabled should also review the user guide about a setting that could break API access. (#556)
Minor logging fix for Active24 plugin.
Fixed a bug with ARI implementation that would fail renewals when the ACME server believes the replaced cert had already been replaced. (#560)
Fixed a bug with ARI implementation that would throw errors when the cert being replaced did not contain an AKI extention. (#561)

@henrikalves

DomainOffensive plugin updated with new API root and documentation links. (Thanks @henrikalves)
Added ARI (ACME Renewal Information) support based on draft 04. This should be considered experimental until the RFC is finalized.
- ARIId and Serial fields have been added to the output of Get-PACertificate
- DisableARI switch added to Set-PAServer which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.
- ReplacesCert parameter added to New-PAOrder which takes an ARIId string as returned by Get-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled via Set-PAServer.
- Order refreshes now perform an ARI check if supported and not disabled. The RenewAfter field is updated if the response indicates it is necessary.
- Submit-Renewal now triggers an order refresh if ARI is supported and not disabled.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Contributors

Uh oh!

Contributors

Uh oh!

Contributors

Uh oh!

Uh oh!

Uh oh!

Contributors

Uh oh!

Contributors

Uh oh!

Uh oh!

Releases: rmbolger/Posh-ACME

v4.29.3

Uh oh!

v4.29.2

Uh oh!

v4.29.1

Uh oh!

v4.29.0

Contributors

Uh oh!

v4.28.0

Contributors

Uh oh!

v4.27.0

Contributors

Uh oh!

v4.26.0

Uh oh!

v4.25.1

Uh oh!

v4.25.0

Contributors

Uh oh!

v4.24.0

Contributors

Uh oh!