{"id":13596553,"url":"https://github.com/rmbolger/Posh-ACME","last_synced_at":"2025-04-09T16:32:59.690Z","repository":{"id":32002837,"uuid":"131170974","full_name":"rmbolger/Posh-ACME","owner":"rmbolger","description":"PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)","archived":false,"fork":false,"pushed_at":"2025-03-09T08:13:06.000Z","size":23582,"stargazers_count":816,"open_issues_count":20,"forks_count":194,"subscribers_count":35,"default_branch":"main","last_synced_at":"2025-04-06T11:04:54.381Z","etag":null,"topics":["acme","acme-client","acme-protocol","certificate","letsencrypt","powershell","powershell-module","rfc8555"],"latest_commit_sha":null,"homepage":"https://poshac.me/docs/latest/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rmbolger.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"rmbolger","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-04-26T14:51:57.000Z","updated_at":"2025-04-03T08:57:56.000Z","dependencies_parsed_at":"2024-01-14T08:41:12.407Z","dependency_job_id":"6582eebc-7bf9-49a1-a904-58ee6068c220","html_url":"https://github.com/rmbolger/Posh-ACME","commit_stats":{"total_commits":928,"total_committers":70,"mean_commits":"13.257142857142858","dds":0.09806034482758619,"last_synced_commit":"ab4e161c3e118560e0632afc9fd4d0684cb20ec5"},"previous_names":[],"tags_count":80,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmbolger%2FPosh-ACME","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmbolger%2FPosh-ACME/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmbolger%2FPosh-ACME/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmbolger%2FPosh-ACME/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rmbolger","download_url":"https://codeload.github.com/rmbolger/Posh-ACME/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248067976,"owners_count":21042393,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-client","acme-protocol","certificate","letsencrypt","powershell","powershell-module","rfc8555"],"created_at":"2024-08-01T16:02:34.152Z","updated_at":"2025-04-09T16:32:59.684Z","avatar_url":"https://github.com/rmbolger.png","language":"PowerShell","readme":"# Posh-ACME\n\nA [PowerShell](#requirements-and-platform-support) module and [ACME](https://tools.ietf.org/html/rfc8555) client to create publicly trusted SSL/TLS certificates from an ACME capable certificate authority such as [Let's Encrypt](https://letsencrypt.org/).\n\n## Notable Features\n\n- Multi-domain (SAN) and wildcard (*.example.com) certificates supported\n- IP Address certificates ([RFC 8738](https://tools.ietf.org/html/rfc8738)) *(Requires ACME CA support)*\n- All-in-one command for new certs, `New-PACertificate`\n- Easy renewals with `Submit-Renewal`\n- RSA and ECDSA keys supported for accounts and certificates\n- Built-in validation plugins for [DNS and HTTP](https://poshac.me/docs/latest/Plugins/) based challenges. (pull requests welcome)\n- Support for pre-created certificate requests (CSR)\n- PEM and PFX output files\n- No elevated Windows privileges required *(unless using `-Install` switch)*\n- Cross platform PowerShell support. [(FAQ)](https://poshac.me/docs/latest/FAQ/#does-posh-acme-work-cross-platform-on-powershell-core)\n- Account key rollover support\n- [OCSP Must-Staple](https://scotthelme.co.uk/ocsp-must-staple/) support\n- DNS challenge [CNAME support](https://poshac.me/docs/latest/Guides/Using-DNS-Challenge-Aliases/)\n- Multiple ACME accounts supported per ACME CA.\n- External Account Binding support for ACME CAs that require it [(Guide)](https://poshac.me/docs/Guides/External-Account-Binding/)\n- Preferred Chain support to use alternative CA trust chains [(Guide)](https://poshac.me/docs/Guides/Using-Alternate-Trust-Chains/)\n- PowerShell [SecretManagement](https://devblogs.microsoft.com/powershell/secretmanagement-and-secretstore-are-generally-available/) support [(Guide)](https://poshac.me/docs/v4/Guides/Using-SecretManagement/)\n- [ARI (ACME Renewal Information)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) support based on draft 07.\n- [ACME Profiles](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/) support  based on draft 00.\n\n\n## Installation (Stable)\n\nThe latest release can found in the [PowerShell Gallery](https://www.powershellgallery.com/packages/Posh-ACME/) or the [GitHub releases page](https://github.com/rmbolger/Posh-ACME/releases). Installing is easiest from the gallery using `Install-Module`. *See [Installing PowerShellGet](https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget) if you run into problems with it.*\n\n```powershell\n# install for all users (requires elevated privs)\nInstall-Module -Name Posh-ACME -Scope AllUsers\n\n# install for current user\nInstall-Module -Name Posh-ACME -Scope CurrentUser\n```\n\n*NOTE: If you use PowerShell 5.1 or earlier, `Install-Module` may throw an error depending on your Windows and .NET version due to a change PowerShell Gallery made to their TLS settings. For more info and a workaround, see the [official blog post](https://devblogs.microsoft.com/powershell/powershell-gallery-tls-support/).*\n\n## Installation (Development)\n\n[![Pester Tests badge](https://github.com/rmbolger/Posh-ACME/workflows/Pester%20Tests/badge.svg)](https://github.com/rmbolger/Posh-ACME/actions)\n\nUse the following PowerShell command to install the latest *development* version from the git `main` branch. This method assumes a default [`PSModulePath`](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_psmodulepath) environment variable and installs to the CurrentUser scope.\n\n```powershell\niex (irm https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1)\n```\n\nYou can also download the source manually from GitHub and extract the `Posh-ACME` folder to your desired module location.\n\n## Quick Start\n\nThe minimum parameters you need for a cert are the domain name and the `-AcceptTOS` flag. This uses the default `Manual` DNS plugin which requires you to manually edit your DNS server to create the TXT records required for challenge validation.\n\n```powershell\nNew-PACertificate example.com -AcceptTOS\n```\n\nNOTE: On Windows, you may need to set a less restrictive PowerShell execution policy before you can import the module.\n\n```powershell\nSet-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force\nImport-Module Posh-ACME\n```\n\n Here's a more complete example with a typical wildcard cert utilizing a hypothetical `FakeDNS` DNS plugin that also adds a contact email address to the account for expiration notifications.\n\n```powershell\n$certNames = '*.example.com','example.com'\n$email = 'admin@example.com'\n$pArgs = @{\n    FDToken = (Read-Host 'FakeDNS API Token' -AsSecureString)\n}\nNew-PACertificate $certNames -AcceptTOS -Contact $email -Plugin FakeDNS -PluginArgs $pArgs\n```\n\nTo learn how to use a specific plugins, check out `Get-PAPlugin \u003cPluginName\u003e -Guide`. There's also a [tutorial](https://poshac.me/docs/v4/Tutorial/) for a more in-depth guide to using the module.\n\nThe output of `New-PACertificate` is an object that contains various properties about the certificate you generated. Only a subset of the properties are displayed by default. To see the full list including the filesystem paths to any certificate files that were generated, pipe the original output to `Format-List` or use `Get-PACertificate | Format-List`. You can also get the path to the server's config using `(Get-PAServer).Folder`.\n\n\n## Requirements and Platform Support\n\n* Supports Windows PowerShell 5.1 (Desktop edition) **with .NET Framework 4.7.1** or later\n* Supports PowerShell 6.2 or later ([Core edition](https://docs.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell)) on all supported OS platforms.\n* Requires `FullLanguage` [language mode](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes)\n\n*NOTE: PowerShell 6.0-6.1 should also work, but there are known issues when using `SecureString` or `PSCredential` plugin args on non-Windows platforms.*\n\n## Changelog\n\nSee [CHANGELOG.md](/CHANGELOG.md)\n","funding_links":["https://github.com/sponsors/rmbolger"],"categories":["PowerShell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmbolger%2FPosh-ACME","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frmbolger%2FPosh-ACME","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmbolger%2FPosh-ACME/lists"}