HTTPS web UIs and APIs using self-signed certificates have always annoyed me. It’s one of the reasons I started learning about PKI long before Let’s Encrypt and the ACME protocol made free publicly trusted certs available for everyone. But it may still be a while before large products and platforms like Infoblox start natively supporting ACME to make our self-signed cert woes a thing of the past. Until then, here’s how you can use Posh-ACME and Posh-IBWAPI to get a free cert…

Over the course of my career, I’ve worked with several Active Directory environments that ran the domain’s DNS zones on 3rd party DNS products like Infoblox or BIND instead of directly on the domain controllers. GSS-TSIG and secure dynamic updates work great with these non-Windows DNS servers when configured properly. But sometimes, getting the settings right can be tricky for the DNS admins and having a way trigger a DC’s record registration process while troubleshooting is…

Just shipped a new Posh-ACME release, version 4.6.0. There are new plugins for HostingDe and Beget. The new Revoke-PACertificate has been improved so it no longer requires a configured ACME account when using an explicit cert/key. There’s a fix for unauthenticated updates with RFC2136 plugin and the Simply plugin is now IDN agnostic thanks to suggestions from the API owner.

Just shipped a new Posh-ACME release, version 4.5.0. There are new plugins for PCExtreme (called Aurora) and UKFast. There’s also a new dedicated function for certificate revocation called Revoke-PACertificate.

Just shipped a new Posh-ACME release, version 4.4.0. There are three new DNS plugin for Constellix, All-Inkl, Easyname and a couple order related new features.

Just shipped a new Posh-ACME release, version 4.3.0. The main change in this version is how the PreferredChain functionality works. Previously it would check all chains in the order they were recieved and use the first one that contained a cert that matched the PreferredChain value. But the upcoming changes to the chains offered by Let’s Encrypt highlighted a problem with that logic. If a user wanted to use the new shorter ISRG Root X1, that value would match in the default chain before…

Just shipped a new Posh-ACME release, version 4.2.0. There are new DNS plugins for Infomaniak and Zilore and a new option for AcmeDns that allows you to specify the complete URI instead of just the hostname in case you’ve got a custom setup.

Just shipped a new Posh-ACME release, version 4.1.0. The RFC2136 plugin now uses the exit code from nsupdate instead of output parsing to determine success and avoid possible language OS inconsistencies. There’s also a new optional DDNSZone param to avoid the initial SOA lookup that breaks in some environments. The UnoEuro plugin has been removed because the API endpoint is no longer functional. So if you hadn’t switched over to the Simply plugin, now is the time.

Just shipped a new Posh-ACME release, version 4.0.0. This is a huge personal win for me that took far longer than I had originally intended. So I’m super excited to finally get it out the door.

Just shipped a new Posh-ACME release, version 3.20.0. The Azure plugin has been enhanced in this release thanks to @InKahootz and now supports targeting additional Azure cloud environments that support specific countries or governments. There are also some fixes for the Simply plugin.