Posh-ACME is a PowerShell based ACMEv2 client that supports both Windows PowerShell 5.1+ and PowerShell Core 6.0+. You can find the project site here:
You can download directly from GitHub or install via PowerShellGallery
Here are the 3.0.0 release notes from the changelog:
- Potentially breaking changes
- Many ACME protocol messages that previously used GET requests have been changed to POST-as-GET to comply with the latest ACME draft-16. Let’s Encrypt already supports the new draft, but other ACME servers may not yet.
-
CertIssueTimeoutparam was removed fromNew-PACertificateandSubmit-OrderFinalizebecause it wasn’t actually being used properly in the former and doesn’t seem necessary anymore.
- New Feature: Generate certs from an existing certificate request which can be useful for appliances that generate their own keys and CSRs. (Thanks @virot)
- New
CSRPathparameter onNew-PACertificateandNew-PAOrderthat removes the need forDomain,CertKeyLength,NewCertKey,OCSPMustStaple,FriendlyName,PfxPass, andInstallparameters when used. Most values will be extracted from the CSR. - Certs generated using this method will not have PFX files created because there is no private key.
- Certs generated using this method can not be automatically installed to the Windows cert store because there are no PFX files.
- New
-
Get-KeyAuthorizationnow hasForDNSparameter which returns the actual TXT value necessary for the dns-01 challenge. (Thanks @chandan1001) - Added new DNS plugins
- IBMSoftLayer (IBM Cloud DNS)
- AutoDNS (InternetX XML Gateway)
- Fix for some validation params not getting set properly on new instances of old orders
- Fix for Windows plugin not using
$dnsParamsappropriately (Thanks @B4dM4n)