Ryan Bolger

Ryan Bolger

Adventures In Tech

Posh-ACME 4.5.0

New plugins, new revocation function, and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 4.5.0. There are new plugins for PCExtreme (called Aurora) and UKFast. There’s also a new dedicated function for certificate revocation called Revoke-PACertificate.

The current revocation functionality is sort of hidden in Set-PAOrder -RevokeCert and only really able to revoke certs that were obtained by the current Posh-ACME account. But the ACME protocol supports additional methods for revocation where all you need is the certificate and its private key even if you have lost access to the original account that requested it. The new function supports these additional methods. For example:

$certPath = '/path/to/cert.pem'
$keyPath = '/path/to/key.pem'

Revoke-PACertificate -CertFile $certPath -KeyFile $keyPath -Reason keyCompromise

Updated versions can be found in the PowerShell Gallery or GitHub. Installation instructions are in the Readme.


  • Added new DNS plugins
  • Added new function Revoke-PACertificate which provides more options for cert revocation including the ability to revoke certs not created with other clients or ACME accounts if you have the private key.
  • Added ManualNonInteractive switch to the Manual plugin to suppress the interactive prompt after showing the TXT record details that need to be created. (Thanks @hhhuut)
  • Added additional guidance in the plugin dev guide.
  • Optimized module load time by pre-caching native plugin details.
  • Fixed support for IDN domains in Simply plugin (Thanks @Norskov)
  • Fixed Azure plugin bug when DnsAlias matches the zone apex. (#348)
  • Fixed Azure plugin to support IMDS auth within Azure Automation. (#349)
  • Fixed tests for Pester 5.2

Recent Posts