• PAOrder objects now have a flag to optionally use modern encryption options on generated PFX files. This will prevent the need to use "legacy" mode when reading the files with OpenSSL 3.x. However, it breaks compatibility with OpenSSL 1.0.x and earlier.
  • You can use the -UseModernPfxEncryption flag with New-PACertificate, New-PAOrder, and Set-PAOrder. When used with Set-PAOrder, existing PFX files will be re-written based on the flag's new value.
  • Use Set-PAOrder -UseModernPfxEncryption:$false to switch back to the default setting.
  • The default for new orders will likely remain off until Posh-ACME 5.x is released.
• Added new DNS plugin PortsManagement (Thanks @wemmer)
• The GCloud plugin has a new optional parameter, GCProjectId that takes one or more string values. This is only required if the DNS zones to modify don't reside in the same project as the service account referenced by GCKeyFile or they reside in multiple projects. When used, be sure to include all project IDs including the one referenced by GCKeyFile.
• Added Google's new free ACME CA to the CA comparison doc
• Upgraded the embedded BouncyCastle library to 1.9.0
• Fixed UKFast plugin to support paging for accounts with many domains (Thanks @0x4c6565)
• Fixed PFX friendly name generation when not provided in the order.