v4.28.0

• New efficient iP SOLIDserver DDI plugin. Thanks @jamiekowalczik for the initial PR and @alexissavin for providing a test platform and API guidance.
• Experimental support for the new ACME Profiles extension. This is still a very early draft standard and subject to change, but Let's Encrypt is already rolling out support this year as part of their short-lived certificates initiative. More info here.
• Fixed Route53 plugin when used with accounts that have many hosted zones. (#593)
• Fixed a bug with DeSEC plugin that was caused by the previous fix for #584. (#598)
• Added better debug logging for DeSEC plugin.
• Azure cert thumbprint auth now works on Linux for certs in the "CurrentUser" store. (Thanks @Eric2XU)
• Fixed a bug with Azure cert thumbprint auth on Windows that could throw errors when using certificates with non-exportable private keys.
• Added better debug logging for Azure plugin.
• AcmeException objects thrown by the module now include the lower level HTTP response exception as an InnerException.

v4.27.0

• New DNS Plugins
  • INWX (Thanks @andreashaerter)
  • EuroDNSReseller Check the guide on this one. It's only currently usable by reseller partners of EuroDNS and not direct EuroDNS customers. (Thanks @zoryatix)
• Fixed WEDOS plugin to handle different response types for dns-domains-list API call (#579)
• Publish-Challenge and Unpublish-Challenge now strip trailing . chars from the RecordName they pass to plugins in order to make edge-case parsing more predictable.
• Added additional ARI related error handling in New-PAOrder to more gracefully handle problems with the replaces field. (#587)
• Added additional error handling in the config import process to better deal with unexpected config states. (#587)
• Fixed a bug in the plugin development guide code that suggests how to parse short names from a RecordName and ZoneName value. The bug wouldn't correctly parse the short name in FQDNs that contained more than one instance of the zone name. (#584)
• Fixed all of the plugins that had implemented the bugged short name parsing algorithm.
  • Active24
  • Aliyun
  • All-Inkl
  • Aurora
  • AutoDNS
  • Azure
  • BlueCat
  • Bunny
  • ClouDNS
  • Combell
  • Constellix
  • CoreNetworks
  • DMEasy
  • DNSPod
  • DNSimple
  • DOcean
  • DeSEC
  • Domeneshop
  • EasyDNS
  • Easyname
  • FreeDNS
  • Gandi
  • GoDaddy
  • Hetzner
  • IBMSoftLayer
  • ISPConfig
  • Infomaniak
  • Linode
  • Loopia
  • NameCom
  • NameSilo
  • Namecheap
  • OVH
  • OnlineNet
  • PointDNS
  • Porkbun
  • PortsManagement
  • Regru
  • Simply
  • SimplyCom
  • TencentDNS
  • TotalUptime
  • WEDOS
  • WebsupportSK
  • Windows
  • Yandex

v4.26.0

• New DNS plugin AddrTools (#572)
• Porkbun plugin updated with new API endpoint. Vendor decommissioning old endpoint on 2024-12-01. Please upgrade before then. (#570)
• Porkbun plugin added retry mechanic to deal with rate limiting errors.
• Fixed ARI related date parsing bug when using PowerShell 7+. (#578)

v4.25.1

• Fix Azure IMDS auth for Arc-enabled servers

v4.25.0

• New DNS plugins
  • TencentDNS which is a new plugin for DNSPod that uses the Tencent Cloud API which will eventually be required when the old DNSPod API is terminated. (#553) (Thanks @xiaotiannet)
  • OnlineNet which is Scaleway's legacy DNS API managed through console.online.net. (#557)
• Gandi plugin now supports Personal Access Tokens (PAT) auth in addition to legacy API Keys (#554)
• NameCom plugin now has better error handling and debug logs. NameCom users with 2FA enabled should also review the user guide about a setting that could break API access. (#556)
• Minor logging fix for Active24 plugin.
• Fixed a bug with ARI implementation that would fail renewals when the ACME server believes the replaced cert had already been replaced. (#560)
• Fixed a bug with ARI implementation that would throw errors when the cert being replaced did not contain an AKI extention. (#561)

v4.24.0

• DomainOffensive plugin updated with new API root and documentation links. (Thanks @henrikalves)
• Added ARI (ACME Renewal Information) support based on draft 04. This should be considered experimental until the RFC is finalized.
  • ARIId and Serial fields have been added to the output of Get-PACertificate
  • DisableARI switch added to Set-PAServer which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.
  • ReplacesCert parameter added to New-PAOrder which takes an ARIId string as returned by Get-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled via Set-PAServer.
  • Order refreshes now perform an ARI check if supported and not disabled. The RenewAfter field is updated if the response indicates it is necessary.
  • Submit-Renewal now triggers an order refresh if ARI is supported and not disabled.

v4.23.1

• Fix DNSimple plugin not properly ignoring 404 API errors on PowerShell 5.1 (#549)

v4.23.0

• Added support for DNSimple user tokens which should allow for certs with names that span domains in multiple accounts.
• Added warning in GoDaddy guide about newly imposed limits on API access. (Thanks @webprofusion-chrisc)
• Fixed DNSimple plugin not removing challenge records (#548).
• Fixed cascading errors on public functions when running with little or no existing config. (#544)
• Fixed OVH plugin on PowerShell 5.1 by removing an accidentally added ternary operator. (#545) (Thanks @joshooaj)

v4.22.0

• New DNS plugin WebsupportSK. This will be useful to Active24 users who have been migrated to the new provider.
• Added additional debug logging for Active24 plugin.

v4.21.0

• New DNS plugin WEDOS
• Fixed OVH bug that prevented record creation at a zone apex most common when using DNS Alias support. Also added doc warning about time skew and better debug logging. (#535)