ACMEv2 protocol client for generating certificates using Let''s Encrypt (or other ACMEv2 compliant CA)

This is a custom build intended allow compatibility with .NET 4.6.1. It should not be used with PowerShell Core and you should only attempt to use RSA based key options.

Minimum PowerShell version


Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Posh-ACME.net46 -RequiredVersion 3.0.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More


Ryan Bolger


(c) 2018 Ryan Bolger. All rights reserved.



LetsEncrypt ssl tls certificates acme


Get-DnsPluginHelp Get-DnsPlugins Get-KeyAuthorization Get-PAAccount Get-PAAuthorizations Get-PACertificate Get-PAOrder Get-PAServer New-PAAccount New-PACertificate New-PAOrder Publish-DnsChallenge Remove-PAAccount Remove-PAOrder Save-DnsChallenge Send-ChallengeAck Set-PAAccount Set-PAOrder Set-PAServer Submit-ChallengeValidation Submit-OrderFinalize Submit-Renewal Unpublish-DnsChallenge




This module has no dependencies.

Release Notes

## 3.0.0 (2018-11-13)

* Potentially breaking changes
 * Many ACME protocol messages that previously used GET requests have been changed to POST-as-GET to comply with the latest ACME draft-16. Let's Encrypt already supports the new draft, but other ACME servers may not yet.
 * `CertIssueTimeout` param was removed from `New-PACertificate` and `Submit-OrderFinalize` because it wasn't actually being used properly in the former and doesn't seem necessary anymore.
* New Feature: Generate certs from an existing certificate request which can be useful for appliances that generate their own keys and CSRs. (Thanks @virot)
 * New `CSRPath` parameter on `New-PACertificate` and `New-PAOrder` that removes the need for `Domain`, `CertKeyLength`, `NewCertKey`, `OCSPMustStaple`, `FriendlyName`, `PfxPass`, and `Install` parameters when used. Most values will be extracted from the CSR.
 * Certs generated using this method will not have PFX files created because there is no private key.
 * Certs generated using this method can not be automatically installed to the Windows cert store because there are no PFX files.
* `Get-KeyAuthorization` now has `ForDNS` parameter which returns the actual TXT value necessary for the dns-01 challenge. (Thanks @chandan1001)
* Added new DNS plugins
 * IBMSoftLayer (IBM Cloud DNS)
 * AutoDNS (InternetX XML Gateway)
* Fix for some validation params not getting set properly on new instances of old orders
* Fix for Windows plugin not using `$dnsParams` appropriately (Thanks @B4dM4n)

Version History

Version Downloads Last updated
3.12.0 61 12/10/2019
3.11.0 29 11/12/2019
3.10.0 9 11/6/2019
3.9.0 14 10/26/2019
3.8.0 20 9/27/2019
3.7.0 7 9/18/2019
3.6.0 25 8/20/2019
3.5.0 1,228 6/21/2019
3.4.0 37 4/30/2019
3.3.0 15 3/24/2019
3.2.1 20 3/4/2019
3.2.0 22 1/22/2019
3.1.1 989 12/22/2018
3.1.0 5 12/16/2018
3.0.1 30 11/30/2018
3.0.0 (current version) 30 11/13/2018
2.9.1 8 10/26/2018
2.9.0 12 10/6/2018
2.8.0 152 9/12/2018
2.7.1 5 8/30/2018
2.7.0 13 8/12/2018
2.6.0 4 8/1/2018
2.5.0 11 7/13/2018
Show less