Releases: rmbolger/Posh-ACME
Releases · rmbolger/Posh-ACME
v4.25.1
v4.25.0
- New DNS plugins
- TencentDNS which is a new plugin for DNSPod that uses the Tencent Cloud API which will eventually be required when the old DNSPod API is terminated. (#553) (Thanks @xiaotiannet)
- OnlineNet which is Scaleway's legacy DNS API managed through
console.online.net
. (#557)
- Gandi plugin now supports Personal Access Tokens (PAT) auth in addition to legacy API Keys (#554)
- NameCom plugin now has better error handling and debug logs. NameCom users with 2FA enabled should also review the user guide about a setting that could break API access. (#556)
- Minor logging fix for Active24 plugin.
- Fixed a bug with ARI implementation that would fail renewals when the ACME server believes the replaced cert had already been replaced. (#560)
- Fixed a bug with ARI implementation that would throw errors when the cert being replaced did not contain an AKI extention. (#561)
v4.24.0
- DomainOffensive plugin updated with new API root and documentation links. (Thanks @henrikalves)
- Added ARI (ACME Renewal Information) support based on draft 04. This should be considered experimental until the RFC is finalized.
ARIId
andSerial
fields have been added to the output ofGet-PACertificate
DisableARI
switch added toSet-PAServer
which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.ReplacesCert
parameter added toNew-PAOrder
which takes an ARIId string as returned byGet-PACertificate
. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled viaSet-PAServer
.- Order refreshes now perform an ARI check if supported and not disabled. The
RenewAfter
field is updated if the response indicates it is necessary. Submit-Renewal
now triggers an order refresh if ARI is supported and not disabled.
v4.23.1
v4.23.0
- Added support for DNSimple user tokens which should allow for certs with names that span domains in multiple accounts.
- Added warning in GoDaddy guide about newly imposed limits on API access. (Thanks @webprofusion-chrisc)
- Fixed DNSimple plugin not removing challenge records (#548).
- Fixed cascading errors on public functions when running with little or no existing config. (#544)
- Fixed OVH plugin on PowerShell 5.1 by removing an accidentally added ternary operator. (#545) (Thanks @joshooaj)
v4.22.0
- New DNS plugin WebsupportSK. This will be useful to Active24 users who have been migrated to the new provider.
- Added additional debug logging for Active24 plugin.
v4.21.0
v4.20.0
- New DNS plugin PowerDNS
- Fixed duplicate identifiers in the
Domain
parameter causing errors with some ACME servers. Identifiers will now be deduplicated prior to being saved and sent to the ACME server. (#517) - Added
WSHDelayAfterStart
param to the WebSelfHost plugin which adds a configurable delay between when the challenge listener starts up and when it asks the ACME server to validate the challenges. (#518) - Orders where the MainDomain is longer than 64 characters will not include a CN value in the Subject field of the certificate request sent to the ACME server. CNs longer than 64 characters were already being rejected by some CAs like Let's Encrypt because the x509 spec doesn't allow for it. More Info
v4.19.0
- New DNS plugins
- HurricaneElectricDyn This is an alternative to the existing
HurricaneElectric
plugin that uses the DynDNS API instead of web scraping. (Thanks @jbrunink) - ZoneEdit (#495)
- HurricaneElectricDyn This is an alternative to the existing
- The
CSRPath
parameter inNew-PAOrder
andNew-PACertificate
will now accept the raw string contents of a CSR file instead of just the path to a file. (#503) - The
Simply
plugin has been renamed toSimplyCom
at the request of the provider. The new version is exactly the same. The old version will remain until the next major release. Users should update their renewal configs to use the new version to prevent future breakage.Set-PAOrder -Plugin SimplyCom
- Added a workaround to a temporary problem with the Simply.com API in case the issue pops up again. (#502)
- The
Route53
plugin now uses IMDSv2 when using the IAM Role support. (#509)
v4.18.0
- The
POSHACME_HOME
environment variable now supports Windows-style (surrounded by%
) environment variable expansion. (#497)- So you can set the value to
%ProgramData%\Posh-ACME
instead of needing to set it explicitly toC:\ProgramData\Posh-ACME
for example. - NOTE: This requires Windows-style environment variable strings even on non-Windows OSes.
- So you can set the value to
- The Azure plugin no longer tries to re-use cached authentication tokens when using the
AZAccessToken
parameter set. (#498) - Fixed a bug with the Azure plugin that broke authentication when submitting multiple orders with different credentials from different tenants. (#498)
- Fixed a problem using Posh-ACME within AWS Lambda due to non-standard dotnet runtime assembly configs. (#418) (Thanks @garthmccormack)
- This fix involved changing the
RevocationReasons
enum from a .NET type to a PowerShell native enum. - The change constitutes a minor breaking change which makes the enum no longer accessible from outside the module's context, but tab completion and string converted values for the
Revoke-PACertificate -Reason
parameter work exactly the same as before.
- This fix involved changing the