v4.26.0

• New DNS plugin AddrTools (#572)
• Porkbun plugin updated with new API endpoint. Vendor decommissioning old endpoint on 2024-12-01. Please upgrade before then. (#570)
• Porkbun plugin added retry mechanic to deal with rate limiting errors.
• Fixed ARI related date parsing bug when using PowerShell 7+. (#578)

v4.25.1

• Fix Azure IMDS auth for Arc-enabled servers

v4.25.0

• New DNS plugins
  • TencentDNS which is a new plugin for DNSPod that uses the Tencent Cloud API which will eventually be required when the old DNSPod API is terminated. (#553) (Thanks @xiaotiannet)
  • OnlineNet which is Scaleway's legacy DNS API managed through console.online.net. (#557)
• Gandi plugin now supports Personal Access Tokens (PAT) auth in addition to legacy API Keys (#554)
• NameCom plugin now has better error handling and debug logs. NameCom users with 2FA enabled should also review the user guide about a setting that could break API access. (#556)
• Minor logging fix for Active24 plugin.
• Fixed a bug with ARI implementation that would fail renewals when the ACME server believes the replaced cert had already been replaced. (#560)
• Fixed a bug with ARI implementation that would throw errors when the cert being replaced did not contain an AKI extention. (#561)

v4.24.0

• DomainOffensive plugin updated with new API root and documentation links. (Thanks @henrikalves)
• Added ARI (ACME Renewal Information) support based on draft 04. This should be considered experimental until the RFC is finalized.
  • ARIId and Serial fields have been added to the output of Get-PACertificate
  • DisableARI switch added to Set-PAServer which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.
  • ReplacesCert parameter added to New-PAOrder which takes an ARIId string as returned by Get-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled via Set-PAServer.
  • Order refreshes now perform an ARI check if supported and not disabled. The RenewAfter field is updated if the response indicates it is necessary.
  • Submit-Renewal now triggers an order refresh if ARI is supported and not disabled.

v4.23.1

• Fix DNSimple plugin not properly ignoring 404 API errors on PowerShell 5.1 (#549)

v4.23.0

• Added support for DNSimple user tokens which should allow for certs with names that span domains in multiple accounts.
• Added warning in GoDaddy guide about newly imposed limits on API access. (Thanks @webprofusion-chrisc)
• Fixed DNSimple plugin not removing challenge records (#548).
• Fixed cascading errors on public functions when running with little or no existing config. (#544)
• Fixed OVH plugin on PowerShell 5.1 by removing an accidentally added ternary operator. (#545) (Thanks @joshooaj)

v4.22.0

• New DNS plugin WebsupportSK. This will be useful to Active24 users who have been migrated to the new provider.
• Added additional debug logging for Active24 plugin.

v4.21.0

• New DNS plugin WEDOS
• Fixed OVH bug that prevented record creation at a zone apex most common when using DNS Alias support. Also added doc warning about time skew and better debug logging. (#535)

v4.20.0

• New DNS plugin PowerDNS
• Fixed duplicate identifiers in the Domain parameter causing errors with some ACME servers. Identifiers will now be deduplicated prior to being saved and sent to the ACME server. (#517)
• Added WSHDelayAfterStart param to the WebSelfHost plugin which adds a configurable delay between when the challenge listener starts up and when it asks the ACME server to validate the challenges. (#518)
• Orders where the MainDomain is longer than 64 characters will not include a CN value in the Subject field of the certificate request sent to the ACME server. CNs longer than 64 characters were already being rejected by some CAs like Let's Encrypt because the x509 spec doesn't allow for it. More Info

v4.19.0

• New DNS plugins
  • HurricaneElectricDyn This is an alternative to the existing HurricaneElectric plugin that uses the DynDNS API instead of web scraping. (Thanks @jbrunink)
  • ZoneEdit (#495)
• The CSRPath parameter in New-PAOrder and New-PACertificate will now accept the raw string contents of a CSR file instead of just the path to a file. (#503)
• The Simply plugin has been renamed to SimplyCom at the request of the provider. The new version is exactly the same. The old version will remain until the next major release. Users should update their renewal configs to use the new version to prevent future breakage. Set-PAOrder -Plugin SimplyCom
• Added a workaround to a temporary problem with the Simply.com API in case the issue pops up again. (#502)
• The Route53 plugin now uses IMDSv2 when using the IAM Role support. (#509)