Ryan Bolger

Ryan Bolger

Adventures In Tech

Posh-ACME 3.18.0

DuckDNS plugin and prep for 4.x

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.18.0. The highlight of this release is a plugin for DuckDNS. DuckDNS is a free, but troublesome provider to work with because their API only allows for a single TXT record to exist at a time. That means if you’re trying to get a cert that has more than one name in it, such as example.com and www.example.com, you need to publish and validate each TXT record separately instead of publishing both records and validating them at the same time.…

Posh-ACME.Deploy 1.2.0

Added IIS FTP Support

Ryan Bolger

Just shipped a new Posh-ACME.Deploy release, version 1.2.0. There is now a Set-IISFTPCertificate function. It requires the same WebAdministration module the other IIS function does and has been tested on Windows Server 2019, but will likely work against earlier versions as well. In addition to updating the cert, it can also be used to change other SSL related FTP parameters like Control Channel Policy, Data Channel Policy, and whether to use 128-bit encryption.

Posh-ACME 3.17.0

Account key import/export and test updates

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.17.0. The highlight of this release is the ability to import or export the private key associated with an ACME account. When creating a new account or performing a key rollover for an existing account, Posh-ACME will normally generate a new random private key automatically. But you now have the option to import an existing key instead of having one generated. It works like this:

Posh-ACME 3.16.0

Preferred Chain support and a new plugin

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.16.0. The highlight of this release is Preferred Chain support which is an advanced but important feature with Let’s Encrypt’s impending root transition. When you download a certificate from an ACME server, you also get the issuing chain with that certificate. But for certificate authorities with complex issuance hierarchies, the ACME server may have multiple valid hierarchies to choose from. This new feature allows you to specify which…

Posh-ACME.Deploy 1.1.0

Added Exchange Support

Ryan Bolger

Just shipped a new Posh-ACME.Deploy release, version 1.1.0. There is now a Set-ExchangeCertificate function thanks to Erik Nemchik (@nemchik). It requires the Microsoft.Exchange.Management.PowerShell snap-in and has been tested successfully against Exchange 2019, but may work against earlier versions as well.

Posh-ACME 3.15.0

External Account Binding (EAB) support and a new plugin

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.15.0. The big news in this release is External Account Binding (EAB) support which widens Posh-ACME’s compatibility with certificate authorities other than Let’s Encrypt. Sectigo, for example, offers paid certificates and ACME compatible endpoints. However, creating the ACME account requires linking it against an existing Sectigo account using new parameters in New-PAAccount. These parameters are a standard part of the ACME protocol,…

Posh-ACME 3.14.0

New plugin and some fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.14.0. There’s now a Hetzner plugin thanks to a submission by Franz Mueller (@derguterat). The RFC2136 has an important fix when using it with names other than the root domain. The Google DNS plugin and the Azure usage guide also got a couple fixes.

Posh-ACME 3.13.0

Lots of new plugins

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.13.0. There are a whole bunch of new plugins in this release and a whopping four of them were submitted by Anton Samsonov (@WiZaRd31337). One of the other big additions is the long-awaited RFC2136 plugin which utilizes BIND’s nsupdate utility to perform dynamic DNS updates. If you’re on Windows, definitely check the usage guide if you plan to use this because you likely need to download and install the nsupdate prerequisite.

Ryan Bolger

If you’ve ever had to setup an HTTPS website in the past couple years, you’ve most likely heard of Let’s Encrypt which is arguably the largest public certificate authority in the world. Not only are their certificates free, the entire ordering and renewal process can be completely automated using a recently finalized protocol standard known as ACME (RFC 8555).

Posh-ACME.Deploy 1.0.0

Cert deployment functions for Posh-ACME

Ryan Bolger

Just shipped a new module called Posh-ACME.Deploy. It’s an optional companion module for Posh-ACME that provides a set of functions to make it easier to deploy the certificates you create.

Recent Posts

Categories