3.x FAQ

Ryan Bolger edited this page Oct 30, 2020 · 4 revisions

Does Posh-ACME work cross platform on PowerShell Core?

Yes, as of 2.2.0, with a few caveats.

The -Install parameter in New-PACertificate is not supported on non-Windows platforms and will throw an error if used because there's no certificate store equivalent to install to.

On non-Windows OSes running PowerShell 6.0-6.1, there's a known issue that breaks the ability to save [securestring] and [pscredential] parameters on DNS plugins. Most plugins have "Insecure" alternative parameter sets that can be used. See the plugin's guide for details (links on the List of Supported DNS Providers wiki page).

PowerShell 6.2 fixes the bug and allows you to use the secure parameter sets. However, when serialized to disk on non-Windows OSes, the values are only obfuscated rather than encrypted.

Azure Automation or my environment only supports .NET 4.6

I'm currently maintaining a custom Posh-ACME build (primarily for Azure Automation customers) that reduces the .NET requirement down to .NET 4.6.1. It's also distributed via the PowerShell Gallery under the name Posh-ACME.net46. The limitations in that version are that it won't run on PowerShell Core and you can't use ECC-based keys. But everything else should work the same. It will be maintained for at least as long as it takes Azure to upgrade their supported .NET Framework to .NET 4.7.1+.

Key not valid for use in specified state

This can happen if you try to copy the Posh-ACME profile folder to a different Windows computer or a different user's profile on the same computer. The underlying APIs used to encrypt plugin parameters using SecureString and PSCredential objects are tied to both the current computer and user and are not portable. Currently, this should only affect saved PluginArgs values. So if you re-request a certificate using new PluginArgs, it should work and re-save them for the new user/computer.
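The user/computer binding described above, and the obfuscated-only caveat for non-Windows platforms from the cross-platform answer, can be checked with built-in cmdlets. This is an added example, not Posh-ACME's own code: the function names are hypothetical, the secret is a constructed dummy value, and it assumes the built-in SecureString serialization behaves like the APIs the module relies on.

```powershell
# Added example: built-in cmdlets only; it does not read any Posh-ACME files.

function Get-SecureStringProtection {
    # $IsWindows only exists on PowerShell 6+. Windows PowerShell (Desktop edition)
    # always runs on Windows, so the -or short-circuits before touching it.
    $onWindows = ($PSVersionTable.PSEdition -ne 'Core') -or $IsWindows
    if ($onWindows) {
        'DPAPI: encrypted, bound to the current user and computer'
    }
    else {
        'Obfuscated only: protect the profile folder with file permissions'
    }
}

function Test-SerializedSecureString {
    param(
        [Parameter(Mandatory)]
        [string]$Serialized   # output of ConvertFrom-SecureString without -Key
    )
    try {
        # Without -Key, Windows decrypts with DPAPI in the caller's context.
        $null = ConvertTo-SecureString -String $Serialized -ErrorAction Stop
        [pscustomobject]@{
            Usable = $true
            Reason = 'Value can be read back in this user/computer context'
        }
    }
    catch {
        # A value written by another user or on another computer fails here.
        [pscustomobject]@{
            Usable = $false
            Reason = $_.Exception.Message
        }
    }
}

# Constructed sample: serialize a dummy secret the same way, then read it back.
$secret = ConvertTo-SecureString 'constructed-dummy-token' -AsPlainText -Force
$blob   = $secret | ConvertFrom-SecureString

Get-SecureStringProtection
Test-SerializedSecureString -Serialized $blob
```

Saving `$blob` to a file and running `Test-SerializedSecureString` on it as a different Windows user, or on a different Windows computer, returns `Usable = False` with the "Key not valid for use in specified state" message as the reason.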

Unable to load DLL 'CRYPT32.dll'

This error is currently generated in PowerShell Core 6.0-6.1.3 on non-Windows OSes due to this PowerShell issue. Upgrade to PowerShell Core 6.2 or use the plugin's "Insecure" parameter sets. Details can be found in the usage guides linked from the List of Supported DNS Providers wiki page.