ACMEv2 protocol client for generating certificates using Let''s Encrypt (or other ACMEv2 compliant CA)

This is a custom build intended allow compatibility with .NET 4.6.1. It should not be used with PowerShell Core and you should only attempt to use RSA based key options.

Minimum PowerShell version


Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Posh-ACME.net46 -RequiredVersion 3.8.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More


Ryan Bolger


(c) 2018 Ryan Bolger. All rights reserved.



LetsEncrypt ssl tls certificates acme


Get-DnsPluginHelp Get-DnsPlugins Get-KeyAuthorization Get-PAAccount Get-PAAuthorizations Get-PACertificate Get-PAOrder Get-PAServer Install-PACertificate Invoke-HttpChallengeListener New-PAAccount New-PACertificate New-PAOrder Publish-DnsChallenge Remove-PAAccount Remove-PAOrder Remove-PAServer Save-DnsChallenge Send-ChallengeAck Set-PAAccount Set-PAOrder Set-PAServer Submit-ChallengeValidation Submit-OrderFinalize Submit-Renewal Unpublish-DnsChallenge




This module has no dependencies.

Release Notes

## 3.8.0 (2019-09-27)

* `Set-PAOrder` now supports modifying some order properties such as FriendlyName, PfxPass, and the Install switch that don't require generating a new ACME order. FriendlyName or PfxPass changes will regenerate the current PFX files with the new value(s) if they exist. Changes to the Install switch will only affect future renewals.
* Fixed FriendlyName, PfxPass, and Install parameters not applying when calling `New-PACertificate` against an existing order (#178)
* Fixed GoDaddy plugin so it doesn't fail on large accounts (100+ domains) (#179)
* Updated Cloudflare plugin to workaround API bug with limited scope tokens (#176)
* Fixed DnsSleep and ValidationTimout being null when manually creating an order with `New-PAOrder` and finishing it with `New-PACertificate`.
* Added parameter help for -NewKey on `New-PAOrder` which was missing.
* When using `New-PACertificate` against an already completed order that is not ready for renewal, the informational message has been changed to Warning from Verbose to make it more apparent that nothing was done.
* Updated `instdev.ps1` so it still works when the BouncyCastle DLL is locked and $ErrorActionPreference is set to Stop.
* Updated a bunch of plugin guides with info regarding PowerShell 6.2's fix for the SecureString serialization bug and enabling the use of secure parameter sets on non-Windows.

Version History

Version Downloads Last updated
3.12.0 61 12/10/2019
3.11.0 29 11/12/2019
3.10.0 9 11/6/2019
3.9.0 14 10/26/2019
3.8.0 (current version) 20 9/27/2019
3.7.0 7 9/18/2019
3.6.0 25 8/20/2019
3.5.0 1,264 6/21/2019
3.4.0 37 4/30/2019
3.3.0 15 3/24/2019
3.2.1 20 3/4/2019
3.2.0 22 1/22/2019
3.1.1 989 12/22/2018
3.1.0 5 12/16/2018
3.0.1 30 11/30/2018
3.0.0 30 11/13/2018
2.9.1 8 10/26/2018
2.9.0 12 10/6/2018
2.8.0 152 9/12/2018
2.7.1 5 8/30/2018
2.7.0 13 8/12/2018
2.6.0 4 8/1/2018
2.5.0 11 7/13/2018