Posh-ACME
letsencrypt
Posh-ACME | letsencrypt
---|---
14 | 21
720 | 30,817
- | 0.6%
6.8 | 9.0
15 days ago | 16 days ago
PowerShell | Python
MIT License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Posh-ACME
- trying to copy a signed xml using get-content and set-content. It works when I get-content from the original file, or a get-content and then set-content created version of the file... but if I try to store the file in the script itself to set-content later, no dice. Why not?
Yes. It’s just text, right? So as long as the process you’re using to copy the contents into the string variable isn’t accidentally adding or removing white space (including line breaks), it should just be a matter of matching the output encoding and line endings. If the source file has Unix line endings, you may need to drop into .NET in order to output your string variable to the file. There’s an example you can use at the end of this file.
- Anyone using Let's Encrypt Certify The Web?
Dropped it for Posh-ACME https://github.com/rmbolger/Posh-ACME
- Windows Server Cert Management in Small Environment
- SSL Certificate Replacement Script
Also wanted to plug my cert related modules Posh-ACME and Posh-ACME.Deploy for getting and deploying free certs from Let's Encrypt or other ACME-based cert authorities. Though my modules typically require at least PS 5.1 and .NET 4.7.1.
- Cygwin in production?
- Windows 10 - Lets Encrypt help pls
- What on earth kind of policy is this, GoDaddy?
While it does indeed work well and I did some tests with it in my home env, things like https://github.com/rmbolger/Posh-ACME/issues/333 happening don't really help putting trust in the reliability of that, unfortunately.
- Web cert questions
Setup a KeyVault and Managed Identity, which you can integrate with DigiCert natively. If you'd rather use Let's Encrypt, keyvault-acmebot does work well. Certify and win-acme have KeyVault plugins, just run the software on a VM somewhere and update KeyVault. You can also use Posh-ACME and the Azure Az PowerShell module to roll your own. You could also do it on a Linux/BSD OS with various ACME implementations and the Azure CLI.
- Trojan detected, need help
- Powershell administration of Dynamics365 - SSL certificate
Posh-ACME can help with obtaining a free cert from a public CA. I know nothing about Dynamics365 though. So I'll have to defer to others on being able to deploy the cert to it.
letsencrypt
- ACME with Google Domains using a DNS Zone in GCS DNS
This seems to be not implemented in certbot, yet: https://github.com/certbot/certbot/issues/6566
- OpenSpeedTest in docker through DSM Reverse Proxy - incorrect upload speeds
If you do go with NPM or Traefik, under the covers it's using certbot to request/renew your certificates through Let's Encrypt using the DNS-01 challenge, meaning you can get wildcard certs and don't have to futz around with port forwards. Again I'd think Caddy has similar functionality, I just have not used it personally. Raw NGINX you probably don't want to try out yet considering it requires manually doing the configs.
- Certbot run.bat file identified as batloader trojan by windows defender. Windows defender alerted me of a trojan which appears to simply be the startup batch script for certbot. Currently running full system scan, but I suspect it to be a false positive. Any ideas?
- Snap Store administrators removed signal-desktop from Ubuntu Snap
certbot won't be missed. The code quality is pretty poor.
https://github.com/certbot/certbot/issues 5000 bugs and most of it can be replaced by much smaller tools
- Good Use Of Golang?
Here’s a good code reference (Python and rust): https://github.com/certbot/certbot
- Let's Encrypt Certbot Not Working on FreeBSD
I am trying to migrate off of Linux and back to FreeBSD, but I hit a problem today. The Let's Encrypt Certbot is not installing. A bit surprising, given how important it is. So I thought I would notify the community. Here is my bug report: https://github.com/certbot/certbot/issues/9394
- How to update Certbot on Debian 11
Last release: https://github.com/certbot/certbot/releases (on 28th August 2022 = 1.29.0)
- Uacme: ACMEv2 client written in plain C with minimal dependencies
Right? It’s so ridiculous how you’re supposed to use Snap to install certbot. The (well, one of..) GitHub discussion is just beyond the pale:
https://github.com/certbot/certbot/issues/8345#issuecomment-...
- Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
It goes way beyond, since Let's Encrypt influences the ecosystem a lot and the standards that are used.
If you use Let's Encrypt, you are likely using Certbot, which means that everybody uses a tool that a central authority strongly recommends to you.
I wonder how they generate the key, for example, it may be using secp256r1: https://github.com/certbot/certbot/blob/5c111d0bd1206d864d7c...
- Setting up nginx+letsencrypt as a reverse proxy
```nginx
# nginx-ingress-https.conf
events {
}

http {
    include mime.types;

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name sg.horlick.me;

        ssl_certificate /etc/letsencrypt/live/sg.horlick.me/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sg.horlick.me/privkey.pem;

        # taken from https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
        ssl_session_cache shared:le_nginx_SSL:10m;
        ssl_session_timeout 1440m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        location / {
            proxy_pass http://host.docker.internal:9090/;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }
    }
}
```
What are some alternatives?
certify - Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
acme.sh - A pure Unix shell script implementing ACME client protocol
keyvault-acmebot - Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Service / App Gateway / Front Door / CDN / others)
lego - Let's Encrypt/ACME client and library written in Go
PowerFGT - PowerShell module to manage Fortinet (FortiGate) Firewall
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
uacme - ACMEv2 client written in plain C with minimal dependencies
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
Posh-ACME.Deploy - Collection of certificate deployment functions intended for use with Posh-ACME
dehydrated-bigip-ansible - Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
PSKoans - A simple, fun, and interactive way to learn the PowerShell language through Pester unit testing.
SaltStack - Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here: