v3.1.1

• Fixed typo in Route53 plugin that prevented finding the AwsPowershell module

v3.1.0

• The following plugins have added non-Windows OS support or extended their existing support. Check the plugin guides for details.
  • Azure
  • DNSimple
  • Infoblox
  • Linode
  • LuaDns
  • NS1
  • Route53
• Route53 plugin no longer requires AwsPowershell module when used with explicit keys. It will still use the module if it's installed.
• Added tab completion for plugin names with Get-DnsPluginHelp
• Fix #112 for Azure and errors with private zones and subscriptions with more than 100 zones

v3.0.1

• Fix for #110 Submit-Renewal with -AllOrders or -AllAccounts fails to renew orders with invalid status. (Thanks @jeffmnall!)
• Fix for #109 New-PACertificate throws an error if -DnsPlugin is not specified rather than defaulting to Manual. (Thanks @TiloGit!)
• Fix internal BouncyCastle to .NET private key conversions where key parameters may need padding. (Thanks @alexzorin and @webprofusion-chrisc!)

v3.0.0

• Potentially breaking changes
  • Many ACME protocol messages that previously used GET requests have been changed to POST-as-GET to comply with the latest ACME draft-16. Let's Encrypt already supports the new draft, but other ACME servers may not yet.
  • CertIssueTimeout param was removed from New-PACertificate and Submit-OrderFinalize because it wasn't actually being used properly in the former and doesn't seem necessary anymore.
• New Feature: Generate certs from an existing certificate request which can be useful for appliances that generate their own keys and CSRs. (Thanks @virot)
  • New CSRPath parameter on New-PACertificate and New-PAOrder that removes the need for Domain, CertKeyLength, NewCertKey, OCSPMustStaple, FriendlyName, PfxPass, and Install parameters when used. Most values will be extracted from the CSR.
  • Certs generated using this method will not have PFX files created because there is no private key.
  • Certs generated using this method can not be automatically installed to the Windows cert store because there are no PFX files.
• Get-KeyAuthorization now has ForDNS parameter which returns the actual TXT value necessary for the dns-01 challenge. (Thanks @chandan1001)
• Added new DNS plugins
  • IBMSoftLayer (IBM Cloud DNS)
  • AutoDNS (InternetX XML Gateway)
• Fix for some validation params not getting set properly on new instances of old orders
• Fix for Windows plugin not using $dnsParams appropriately (Thanks @B4dM4n)

v2.9.1

• Fix (#94) for TXT record cleanup bug when some domains were already validated (Thanks @philr!)
• Fix (#95) error handling in New-PACertificate and New-PAOrder that would mistakenly cause new orders to be created if there were problems checking old orders. (Thanks @philr!)
• Azure fix (#96) to allow special characters in credentials. (Thanks @philr!)
• Route53 fix for errors caused by public/private zones with same name (#100) (Thanks @spaceygithub!)

v2.9.0

• Added new DNS plugins
  • BlueCat (Thanks @marshallford)
  • Gandi
• Updated DMEasy plugin to support non-Windows

v2.8.0

• Added new DNS plugins
  • Aliyun (Alibaba Cloud)
  • DeSEC (Thanks @nazar554)
• Fix for type error when using OCSP Must-Staple (Thanks @casselc)
• Parameter binding bug fixes for Azure and Windows plugins (Thanks @mithrandyr)

v2.7.1

• Removed ACMEv2 draft-12 support for account key rollover. No known CAs are still implementing draft-12.
• Fix for issue #53 with GoDaddy plugin not being able to remove TXT records in some cases. Thanks @davehope!
• Performance and efficiency improvements with GoDaddy plugin
• Fixed Get-PACertificate -List only showing certs from 'valid' orders.

v2.7.0

• Added new DNS plugin ClouDNS
• Added ACMEv2 draft-13 support for account key rollover. This is an interim fix that should still work with draft-12 as well. Once Let's Encrypt goes into production with draft-13, the draft-12 support will be removed.
• .NET version check now throws a warning instead of error on module load
• Fixed Get-PAAccount not filtering contacts correctly
• Minor fix and help correction in Namecheap plugin
• Get-PAAccount and Get-PAOrder now return null instead of an error if an invalid account or order was specified. (Thanks for the idea @maybe-hello-world)

v2.6.0

• Added additional functions that should make it easier to manually respond to challenges. In particular, this should allow people to use the HTTP challenge until a formal HTTP challenge plugin solution is introduced. (Thanks John B. for the idea!)
  • Get-KeyAuthorization calculate a key authorization string for a challenge token.
  • Send-ChallengeAck notifies the ACME server to proceed validating a challenge.
  • The output object on Get-PAAuthorizations now contains top level attributes relating to the HTTP challenge (in addition to the existing DNS challenge).
• Added new DNS plugins
  • Namecheap
  • Rackspace
• Migrated all internal DateTime handling to use DateTimeOffset which is less finicky across time zones for the types of comparisons generally being performed.