Just shipped a new Posh-ACME release, version 3.15.0. The big news in this release is External Account Binding (EAB) support which widens Posh-ACME’s compatibility with certificate authorities other than Let’s Encrypt. Sectigo, for example, offers paid certificates and ACME compatible endpoints. However, creating the ACME account requires linking it against an existing Sectigo account using new parameters in New-PAAccount. These parameters are a standard part of the ACME protocol,…

Just shipped a brand new module called DnsClient-PS. It’s a cross-platform DNS client for PowerShell utilizing the DnsClient.NET library. In the library author’s own words:

Just shipped a new Posh-ACME release, version 3.14.0. There’s now a Hetzner plugin thanks to a submission by Franz Mueller (@derguterat). The RFC2136 has an important fix when using it with names other than the root domain. The Google DNS plugin and the Azure usage guide also got a couple fixes.

Just shipped a new Posh-ACME release, version 3.13.0. There are a whole bunch of new plugins in this release and a whopping four of them were submitted by Anton Samsonov (@WiZaRd31337). One of the other big additions is the long-awaited RFC2136 plugin which utilizes BIND’s nsupdate utility to perform dynamic DNS updates. If you’re on Windows, definitely check the usage guide if you plan to use this because you likely need to download and install the nsupdate prerequisite.

If you’ve ever had to setup an HTTPS website in the past couple years, you’ve most likely heard of Let’s Encrypt which is arguably the largest public certificate authority in the world. Not only are their certificates free, the entire ordering and renewal process can be completely automated using a recently finalized protocol standard known as ACME (RFC 8555).

Just shipped a new module called Posh-ACME.Deploy. It’s an optional companion module for Posh-ACME that provides a set of functions to make it easier to deploy the certificates you create.

Just shipped a new Posh-ACME release, version 3.12.0. The Set-PAOrder function now has -DnsPlugin and -PluginArgs parameters which should make it easier to change DNS providers and/or provider parameters without needing to wait for a certificate renewal. The BouncyCastle library has been updated to the latest 1.8.5 version and the DLL file is using a non-standard name to avoid conflicts with other software that uses BouncyCastle and chooses to install the DLL into the .NET GAC. For some reason,…

Just shipped a new Posh-ACME release, version 3.11.0. The Install-PACertificate function now has optional parameters that allow you to specify the Windows certificate store location and name in case the defaults (LocalMachine\My) aren’t what you need. You can also use the -NotExportable switch to mark the certificate as non-exportable. There’s also a new function called Revoke-PAAuthorization which is mostly useful for testing a new configuration. It allows you to revoke one or more…

Just shipped a new Posh-ACME release, version 3.10.0. There’s a critical fix in this version for a problem introduced by a recent change in Let’s Encrypt’s ACME implementation that breaks renewals. A new DNS plugin for HurricaneElectric was added and the Azure plugin now supports certificate based authentication in addition to the existing methods. There’s also additional guidance in the tutorial on renewals and deployment.

Just shipped a new Posh-ACME release, version 3.9.0. There’s a new DNS plugin for UnoEuro thanks to a user submission. The Cloudflare plugin was also updated to support limited use tokens that don’t have edit permissions to all zones on an account.