Releases · rmbolger/Posh-ACME · GitHub

19 Jun 16:44

DomainOffensive plugin updated with new API root and documentation links. (Thanks @henrikalves)
Added ARI (ACME Renewal Information) support based on draft 04. This should be considered experimental until the RFC is finalized.
- ARIId and Serial fields have been added to the output of Get-PACertificate
- DisableARI switch added to Set-PAServer which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.
- ReplacesCert parameter added to New-PAOrder which takes an ARIId string as returned by Get-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled via Set-PAServer.
- Order refreshes now perform an ARI check if supported and not disabled. The RenewAfter field is updated if the response indicates it is necessary.
- Submit-Renewal now triggers an order refresh if ARI is supported and not disabled.

Contributors

henrikalves

Assets 2

23 May 20:56

Fix DNSimple plugin not properly ignoring 404 API errors on PowerShell 5.1 (#549)

Assets 2

04 May 07:18

Added support for DNSimple user tokens which should allow for certs with names that span domains in multiple accounts.
Added warning in GoDaddy guide about newly imposed limits on API access. (Thanks @webprofusion-chrisc)
Fixed DNSimple plugin not removing challenge records (#548).
Fixed cascading errors on public functions when running with little or no existing config. (#544)
Fixed OVH plugin on PowerShell 5.1 by removing an accidentally added ternary operator. (#545) (Thanks @joshooaj)

Contributors

webprofusion-chrisc and joshooaj

Assets 2

13 Apr 06:09

New DNS plugin WebsupportSK. This will be useful to Active24 users who have been migrated to the new provider.
Added additional debug logging for Active24 plugin.

Assets 2

08 Mar 22:58

New DNS plugin WEDOS
Fixed OVH bug that prevented record creation at a zone apex most common when using DNS Alias support. Also added doc warning about time skew and better debug logging. (#535)

Assets 2

13 Dec 05:43

New DNS plugin PowerDNS
Fixed duplicate identifiers in the Domain parameter causing errors with some ACME servers. Identifiers will now be deduplicated prior to being saved and sent to the ACME server. (#517)
Added WSHDelayAfterStart param to the WebSelfHost plugin which adds a configurable delay between when the challenge listener starts up and when it asks the ACME server to validate the challenges. (#518)
Orders where the MainDomain is longer than 64 characters will not include a CN value in the Subject field of the certificate request sent to the ACME server. CNs longer than 64 characters were already being rejected by some CAs like Let's Encrypt because the x509 spec doesn't allow for it. More Info

Assets 2

26 Aug 17:03

New DNS plugins
- HurricaneElectricDyn This is an alternative to the existing HurricaneElectric plugin that uses the DynDNS API instead of web scraping. (Thanks @jbrunink)
- ZoneEdit (#495)
The CSRPath parameter in New-PAOrder and New-PACertificate will now accept the raw string contents of a CSR file instead of just the path to a file. (#503)
The Simply plugin has been renamed to SimplyCom at the request of the provider. The new version is exactly the same. The old version will remain until the next major release. Users should update their renewal configs to use the new version to prevent future breakage. Set-PAOrder -Plugin SimplyCom
Added a workaround to a temporary problem with the Simply.com API in case the issue pops up again. (#502)
The Route53 plugin now uses IMDSv2 when using the IAM Role support. (#509)

Contributors

jbrunink

Assets 2

28 Jun 06:35

The POSHACME_HOME environment variable now supports Windows-style (surrounded by %) environment variable expansion. (#497)
- So you can set the value to %ProgramData%\Posh-ACME instead of needing to set it explicitly to C:\ProgramData\Posh-ACME for example.
- NOTE: This requires Windows-style environment variable strings even on non-Windows OSes.
The Azure plugin no longer tries to re-use cached authentication tokens when using the AZAccessToken parameter set. (#498)
Fixed a bug with the Azure plugin that broke authentication when submitting multiple orders with different credentials from different tenants. (#498)
Fixed a problem using Posh-ACME within AWS Lambda due to non-standard dotnet runtime assembly configs. (#418) (Thanks @garthmccormack)
- This fix involved changing the RevocationReasons enum from a .NET type to a PowerShell native enum.
- The change constitutes a minor breaking change which makes the enum no longer accessible from outside the module's context, but tab completion and string converted values for the Revoke-PACertificate -Reason parameter work exactly the same as before.

Contributors

garthmccormack

Assets 2

29 Mar 20:57

Fixed Hetzner plugin for accounts with 100+ zones. (#481) (Thanks @Deutschi)
Fixed RFC2136 plugin ignoring the DDNSNameserver parameter when set. (#485) (Thanks @gvengel)

Contributors

Deutschi and gvengel

Assets 2

21 Feb 07:03

New DNS plugins
- Google Domains This should be considered experimental while the Google Domains ACME API is still in testing. (Thanks @webprofusion-chrisc)
- IONOS (Thanks @RLcyberTech)
- SSHProxy sends update requests via SSH to another server which is able to do dynamic updates against your chosen DNS provider. (Thanks @bretgiddings)
The DDNSNameserver parameter is no longer mandatory in the RFC2136 plugin which will make nsupdate try to use whatever primary nameserver is returned from an SOA query.
Added Basic authentication support to the AcmeDns plugin which should allow it to be used against endpoints that enforce that such as Certify DNS.
Added support for plugin parameters that are arrays of SecureString or PSCredential objects.
Fixed PAServer switches getting reset on Set-PAServer with no params (#475)

Contributors

webprofusion-chrisc, bretgiddings, and RLcyberTech

Assets 2