v4.11.0

• Added SecretManagement support! See this guide for details.
• Added new DNS plugins:
  • Combell (Thanks @stevenvolckaert)
  • TotalUptime (Thanks @CirotheSilver)
• Install-PACertificate and the -Install switch on orders will now import associated chain certificates into the Intermediate cert store if they don't already exist. (#397)
• New-PAOrder will now throw an error if the order object returned by the ACME server matches an existing order with a different name. (#401)
• The progress bar for DNS propagation is now disabled by default unless a POSHACME_SHOW_PROGRESS environment variable is defined. A verbose message will be written once per minute as an alternative. (#402)
• Added auth token caching to CoreNetworks plugin to avoid getting rate limited. (#403)
• Fixed ISPConfig plugin throwing Incorrect datetime value errors when adding records (#404)
• Fixed a bug with Submit-Renewal -AllAccounts that would prevent restoring the original active account. (Thanks @markpizz) (#395)
• Fixed usage example in EasyDns guide. (Thanks @webprofusion-chrisc) (#407)

v4.10.0

• Added new DNS plugin CoreNetworks (Thanks @dwydler)
• Fix for Regru plugin bug caused by provider API change (#392)
• Fix Submit-Renewal duplicating orders that have a custom name (#393)

v4.9.0

• Added new DNS plugin ISPConfig
• Fixed the DOCean plugin when used with accounts that have more than 20 zones. (#384) (Thanks @Xpyder)
• Fixed a bug in the DOCean plugin that prevented publishing records against the zone apex.
• Fixed a bug using Set-PAOrder -PreferredChain on an existing but expired order that was recently upgraded from Posh-ACME 3.x.
• Fixed renewal window calculation for certs that have lifetimes shorter or longer than 90 days. (#382) (Thanks @lookcloser)
  • Due to the bug, certs with lifetimes longer than 90 days would renew early and certs with lifetimes shorter than 90 days would renew late or potentially not at all. Because the renewal window is calculated and saved at finalization time, the new module version won't fix the value on existing orders. It will only fix future orders/renewals.
  • If you want to scan for and fix any orders that might have been affected by this bug, you can use the script posted here: #382 (comment)
• Fixed a benign bug with object serialization in PS 5.1 that was saving the dynamic attributes on server/account/order objects.

v4.8.1

• Fixed a bug introduced in 4.7.0 that broke Set-PAAccount -UseAltPluginEncryption preventing plugin args for orders from being properly re-encrypted.

v4.8.0

• Documentation Revamp
  • https://poshac.me/docs is a new dedicated website for Posh-ACME documentation. Existing guides and tutorials have been migrated there from the Github wiki. The site is currently generated using the Markdown files in the docs folder in the main project repository by MkDocs. So it should now be easier to contribute fixes and updates.
  • The native module help is now also generated by platyPS from the Markdown files in docs/Functions.
  • Get-Help <function name> -Online should now open your browser to the appropriate page on the documentation site.
• The DeSEC plugin has new DSCToken and DSCTTL params to avoid conflicts with the DNSimple plugin. The old DSToken, DSTokenInsecure, and DSTTL parameters have been deprecated.
• "Insecure" plugin parameter sets which include secrets, tokens, or passwords using a standard String instead of a SecureString or PSCredential have been deprecated across all plugins that had them.
  • Deprecated means that they will continue to work in Posh-ACME 4.x, but will stop working when 5.0 is released.
  • If you are currently using a deprecated parameter set, please migrate to a secure one when convenient.
  • See your plugin's usage guide for more information.
  • For help finding deprecated parameters in your config, see this guide
• The following plugins have added new "Secure" parameter sets:
  • BlueCat
  • Cloudflare
  • DOcean
  • Dreamhost
  • Dynu
  • EasyDNS
  • GoDaddy
  • NameCom
  • Zonomi
• A Plugin property has been added to the output objects returned by Get-PAPlugin <Plugin> -Params

v4.7.1

• Fixed a parameter binding bug in New-PACertificate that could cause renewals to stall in some cases due to an interactive prompt.
• Fixed help for Export-PAAccountKey

v4.7.0

• Servers, Accounts, and Orders all now have configurable Names that also determine the name of their associated folders in the config on the filesystem. (#345) This is a fairly large change, but significant effort has been spent implementing it so that dependent scripts will not break.
  • Please backup your current config before customizing your object names. Previous Posh-ACME versions will break trying to read configs with custom names.
  • All customized names may only use the following characters to avoid cross-platform filesystem compatibility issues: 0-9 a-z A-Z - . _ !.
  • A NewName parameter has been added to Set-PAServer, Set-PAAccount, and Set-PAOrder to change the name of each type of object.
  • Server related functions now have an optional Name parameter which can be used instead of or in addition to the DirectoryUrl parameter. This includes Get/Remove/Set-PAServer.
  • If a server doesn't already exist, Set-PAServer will use the -Name parameter for the new server's name. If the server already exists, it is ignored.
  • Returned server objects now have Name and Folder properties.
  • Despite being able to customize Server names, you may still only have a single instance of each unique ACME server in your config. This may chang in a future major version.
  • Account related functions that have an ID parameter now have a Name parameter alias. This includes Get/Remove/Set-PAAccount and Export-PAAccountKey. The ID parameter should be considered deprecated and in future major versions will be replaced by Name.
  • The ID parameter was added to New-PAAccount to allow setting the customized ID on creation instead of using the server provided default value.
  • Returned account objects now have a Folder property and the id property now reflects the customizable value.
  • The id property on account objects is deprecated and will be changed to Name in a future major version.
  • Order related functions now have an optional Name parameter to distinguish between multiple orders that may have the same MainDomain. This includes Get/Revoke/New-PACertificate, Get/New/Set/Remove-PAOrder, Get-PAPluginArgs, Invoke-HttpChallengeListener, and Submit-Renewal. In most cases, the Name parameter can also be used by itself as a unique identifier for orders.
  • The Name parameter on New-PACertificate and New-PAOrder allows setting the customized order name on creation instead of using the MainDomain default value.
  • Returned order objects now have a Name property (not to be confused with FriendlyName which only affects the certificate associated with the order).
  • Order related error and log messages that previously mentioned the order's MainDomain have been changed to use the order's Name instead.
  • To retain backwards compatibility with existing 4.x dependent scripts, Get-PAOrder will return the single, most recent order when used with -MainDomain even if there are multiple matching orders. This also affects Get-PACertificate which uses Get-PAOrder under the hood.
  • Set-PAOrder, Revoke-PACertificate, and Remove-PAOrder will throw an error if only MainDomain is specified and it matches multiple orders. Specify the Name parameter as well to ensure a unique order match.
• Custom plugins can now be loaded from an alternate filesystem location by creating a POSHACME_PLUGINS environment variable before the module is loaded. The value should be a folder path that contains uniquely named .ps1 plugin files. If any custom plugins have the same name as native plugins, a warning will be thrown and they will not be loaded.
• Added New-PAAuthorization which allows the creation of authorization objects outside the context of an order. NOTE: BuyPass is the only free ACME CA that currently supports this feature.
• Added a OnlyReturnExisting parameter to New-PAAccount when using an imported key which instructs the ACME server to only return account details if an account already exists for that key.
• Added a NoSwitch parameter to Set-PAServer so you can modify the active server without switching to it.
• The AllSANs field on PACertificate objects now reflects the SAN list on the actual certificate instead of its associated ACME order (just in case the two lists have divered for some strange reason).
• Added missing help on Get-PAPluginArgs.
• Default formatting for PAServer objects has been tweaked to show more useful info.
• Default formatting for PAOrder object now includes Name and has removed OSCPMustStaple.
• The Quiet parameter has been removed from the Get-PAServer -List parameter set because it didn't make sense.
• Fixed an example in Remove-PAServer help.
• Added workaround for BuyPass bug that prevents some error details from being parsed.
• Adjusted support for Account Key Rollover to more closely follow RFC8555 which fixes a bug using it with BuyPass
• Changed some logic in Revoke-PACertificate so that it works with BuyPass which doesn't seem to support revocation using the cert's private key.
• Orders using an ECC private key will no longer include Key Encipherment in the CSR's keyUsage when submitting an order for finalization. Key Encipherment is not supported for ECDSA certs and some CAs were rejecting the finalization.

v4.6.0

• Added new DNS plugins
  • HostingDe
  • Beget
• Revoke-PACertificate no longer requires a configured account when using an explicit cert/key (#361)
• Fixed Aurora plugin for edge case bug with PowerShell Core (#353)
• Fixed DirectoryUrl completers in PS 5.1 when no servers currently exist.
• Fixed unauthenticated updates with RFC2136 plugin (#360) (Thanks @dsbibby)
• Refactored Simply plugin to be IDN agnostic and redact API keys from logging (#352)
• ACME errors from New-PAAccount should be less ugly now.

v4.5.0

• Added new DNS plugins
  • Aurora for PCExtreme (Thanks @j81blog)
  • UKFast (Thanks @Overglazed)
• Added new function Revoke-PACertificate which provides more options for cert revocation including the ability to revoke certs not created with other clients or ACME accounts if you have the private key.
• Added ManualNonInteractive switch to the Manual plugin to suppress the interactive prompt after showing the TXT record details that need to be created. (Thanks @hhhuut)
• Added additional guidance in the plugin dev guide.
• Optimized module load time by pre-caching native plugin details.
• Fixed support for IDN domains in Simply plugin (Thanks @Norskov)
• Fixed Azure plugin bug when DnsAlias matches the zone apex. (#348)
• Fixed Azure plugin to support IMDS auth within Azure Automation. (#349)
• Fixed tests for Pester 5.2

v4.4.0

• Added new DNS plugins
  • Constellix
  • All-Inkl (Thanks @astaerk)
  • Easyname (Thanks @codemanat)
• Added Folder property to Get-PAOrder output
• Added KeyFile parameter to New-PAOrder to allow importing an existing private key