Ryan Bolger

Ryan Bolger

Adventures In Tech

Posh-ACME 3.13.0

Lots of new plugins

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.13.0. There are a whole bunch of new plugins in this release and a whopping four of them were submitted by Anton Samsonov (@WiZaRd31337). One of the other big additions is the long-awaited RFC2136 plugin which utilizes BIND’s nsupdate utility to perform dynamic DNS updates. If you’re on Windows, definitely check the usage guide if you plan to use this because you likely need to download and install the nsupdate prerequisite.

Ryan Bolger

If you’ve ever had to setup an HTTPS website in the past couple years, you’ve most likely heard of Let’s Encrypt which is arguably the largest public certificate authority in the world. Not only are their certificates free, the entire ordering and renewal process can be completely automated using a recently finalized protocol standard known as ACME (RFC 8555).

Posh-ACME.Deploy 1.0.0

Cert deployment functions for Posh-ACME

Ryan Bolger

Just shipped a new module called Posh-ACME.Deploy. It’s an optional companion module for Posh-ACME that provides a set of functions to make it easier to deploy the certificates you create.

Posh-ACME 3.12.0

Set-PAOrder improvements, upgraded BouncyCastle, and misc fixes.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.12.0. The Set-PAOrder function now has -DnsPlugin and -PluginArgs parameters which should make it easier to change DNS providers and/or provider parameters without needing to wait for a certificate renewal. The BouncyCastle library has been updated to the latest 1.8.5 version and the DLL file is using a non-standard name to avoid conflicts with other software that uses BouncyCastle and chooses to install the DLL into the .NET GAC. For some reason,…

Posh-ACME 3.11.0

Improvements for Install-PACertificate and new function Revoke-PAAuthorization.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.11.0. The Install-PACertificate function now has optional parameters that allow you to specify the Windows certificate store location and name in case the defaults (LocalMachine\My) aren’t what you need. You can also use the -NotExportable switch to mark the certificate as non-exportable. There’s also a new function called Revoke-PAAuthorization which is mostly useful for testing a new configuration. It allows you to revoke one or more…

Posh-ACME 3.10.0

Critical fix, new Hurricane Electric plugin, and Azure cert-based auth.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.10.0. There’s a critical fix in this version for a problem introduced by a recent change in Let’s Encrypt’s ACME implementation that breaks renewals. A new DNS plugin for HurricaneElectric was added and the Azure plugin now supports certificate based authentication in addition to the existing methods. There’s also additional guidance in the tutorial on renewals and deployment.

Posh-ACME 3.9.0

New UnoEuro plugin and updates to Cloudflare plugin.

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.9.0. There’s a new DNS plugin for UnoEuro thanks to a user submission. The Cloudflare plugin was also updated to support limited use tokens that don’t have edit permissions to all zones on an account.

Posh-ACME 3.8.0

More options in Set-PAOrder and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.8.0. Set-PAOrder now supports modifying some order properties that don’t require generating a new order such as FriendlyName, PfxPass, and the Install switch. If the order has already been completed, changes to FriendlyName and PfxPass will generate new versions of the associated PFX files with the updated values. But changes to the Install switch will only affect future renewals. The GoDaddy plugin will no longer fail on large accounts with…

Posh-ACME 3.7.0

New param in Submit-Renewal and misc fixes

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.7.0. In addition to some miscellaneous bug fixes, Submit-Renewal now has an optional -PluginArgs parameter for cases when you need to specify new values for a plugin but don’t want to create a whole new order from scratch. This is useful if your credentials change or if the type of credential you’re using is purposefully short-lived.

Posh-ACME 3.6.0

New plugins and self-hosted http challenges

Ryan Bolger

Just shipped a new Posh-ACME release, version 3.6.0. This one has a bunch of new stuff including new plugins for Domeneshop, Dreamhost, EasyDNS, and freedns.afraid.org. The other big addition is a new function called Invoke-HttpChallengeListener which can be super handy for people doing HTTP challenges. It’s basically a self-contained webserver that will respond to requests for the HTTP challenges in your order so you don’t have manually deal with making the challenge files…

Recent Posts

categories