Ryan Bolger

Ryan Bolger

Adventures In Tech

Posh-ACME 3.11.0

Improvements for Install-PACertificate and new function Revoke-PAAuthorization.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.11.0. The Install-PACertificate function now has optional parameters that allow you to specify the Windows certificate store location and name in case the defaults (LocalMachine\My) aren’t what you need. You can also use the -NotExportable switch to mark the certificate as non-exportable. There’s also a new function called Revoke-PAAuthorization which is mostly useful for testing a new configuration. It allows you to revoke one or more existing authorizations associated with an account so that when you generate a new certificate, the ACME server will require a full re-validation for those names.

Updated versions can be found in the PowerShell Gallery or GitHub. Installation instructions are in the Readme.


  • Added Revoke-PAAuthorization which enables revocation of identifier authorizations associated with an account.
  • Get-PAAuthorizations now has an optional -Account parameter and better error handling.
  • Get-PAAuthorization has been added as an alias for Get-PAAuthorizations to better comply with PowerShell naming standards. It will likely be formally renamed in version 4.x and the old name should be considered deprecated. This change should allow dependent scripts to prepare for that change in advance.
  • Install-PACertificate now supports parameters to select the store name, location, and the exportable flag.
  • Workaround for Boulder issue that doesn’t return JSON error bodies for old endpoints.
  • Fixed bug creating new orders with a changed KeyLength value that was preventing the required new private key from being created.

Recent Posts