Just shipped a new Posh-ACME release, version 3.18.0. The highlight of this release is a plugin for DuckDNS. DuckDNS is a free, but troublesome provider to work with because their API only allows for a single TXT record to exist at a time. That means if you’re trying to get a cert that has more than one name in it, such as example.com and www.example.com, you need to publish and validate each TXT record separately instead of publishing both records and validating them at the same time.…

Just shipped a new Posh-ACME.Deploy release, version 1.2.0. There is now a Set-IISFTPCertificate function. It requires the same WebAdministration module the other IIS function does and has been tested on Windows Server 2019, but will likely work against earlier versions as well. In addition to updating the cert, it can also be used to change other SSL related FTP parameters like Control Channel Policy, Data Channel Policy, and whether to use 128-bit encryption.

Just shipped a new Posh-ACME release, version 3.17.0. The highlight of this release is the ability to import or export the private key associated with an ACME account. When creating a new account or performing a key rollover for an existing account, Posh-ACME will normally generate a new random private key automatically. But you now have the option to import an existing key instead of having one generated. It works like this:

Just shipped a new Posh-IBWAPI release, version 3.2.0. There is now a ProfileName parameter associated with all of the public functions that have connection specific parameters such as WAPIHost, WAPIVersion, and Credential. This should make it easier to change profiles on a per-call basis instead of needing to run Set-IBConfig to switch away and back again.

An IPAM solution is not very useful unless it accurately reflects the state of your network. The discovery features in NIOS have always been one of the great benefits of having Infoblox DDI. Network Insight and NetMRI focus on discovery of network gear and what is connected to it. The vDiscovery feature adds the ability to discover virtual infrastructure in both public and private cloud environments. All of these working together can give you a super accurate picture of what exists on your…

Just shipped a new Posh-ACME release, version 3.16.0. The highlight of this release is Preferred Chain support which is an advanced but important feature with Let’s Encrypt’s impending root transition. When you download a certificate from an ACME server, you also get the issuing chain with that certificate. But for certificate authorities with complex issuance hierarchies, the ACME server may have multiple valid hierarchies to choose from. This new feature allows you to specify which…

Just shipped a new Posh-ACME.Deploy release, version 1.1.0. There is now a Set-ExchangeCertificate function thanks to Erik Nemchik (@nemchik). It requires the Microsoft.Exchange.Management.PowerShell snap-in and has been tested successfully against Exchange 2019, but may work against earlier versions as well.

Just shipped a new Posh-ACME release, version 3.15.0. The big news in this release is External Account Binding (EAB) support which widens Posh-ACME’s compatibility with certificate authorities other than Let’s Encrypt. Sectigo, for example, offers paid certificates and ACME compatible endpoints. However, creating the ACME account requires linking it against an existing Sectigo account using new parameters in New-PAAccount. These parameters are a standard part of the ACME protocol,…

Just shipped a brand new module called DnsClient-PS. It’s a cross-platform DNS client for PowerShell utilizing the DnsClient.NET library. In the library author’s own words:

Just shipped a new Posh-ACME release, version 3.14.0. There’s now a Hetzner plugin thanks to a submission by Franz Mueller (@derguterat). The RFC2136 has an important fix when using it with names other than the root domain. The Google DNS plugin and the Azure usage guide also got a couple fixes.