The ARI (ACME Renewal Information) draft standard is approaching finalization and the draft-03 version is currently supported in by both Let's Encrypt and Google Trust Services. This change adds ARI support in the module conditionally on the existence of the renewalInfo field in the directory endpoint. As other ACME providers add support, it will be enabled automatically once they start publishing that endpoint.
The following user facing changes are part of this PR:
ARIId and Serial fields have been added to the output of Get-PACertificate
DisableARI switch added to Set-PAServer which disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.
ReplacesCert parameter added to New-PAOrder which takes an ARIId string as returned by Get-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled via Set-PAServer.
Order refreshes now perform an ARI check if supported and not disabled. The RenewAfter field is updated if the response indicates it is necessary.
Submit-Renewal now triggers an order refresh if ARI is supported and not disabled.
The ARI (ACME Renewal Information) draft standard is approaching finalization and the draft-03 version is currently supported in by both Let's Encrypt and Google Trust Services. This change adds ARI support in the module conditionally on the existence of the
renewalInfofield in the directory endpoint. As other ACME providers add support, it will be enabled automatically once they start publishing that endpoint.The following user facing changes are part of this PR:
ARIIdandSerialfields have been added to the output ofGet-PACertificateDisableARIswitch added toSet-PAServerwhich disables ARI support for the server even it would otherwise be supported. This will primarily be useful if the ARI draft changes enough to break the current support and CAs update their implementations before the module can be updated. It may also be useful for providers with existing ARI support from an older unsupported draft.ReplacesCertparameter added toNew-PAOrderwhich takes an ARIId string as returned byGet-PACertificate. This will be ignored if the current ACME server doesn't support ARI or support has been explicitly disabled viaSet-PAServer.RenewAfterfield is updated if the response indicates it is necessary.Submit-Renewalnow triggers an order refresh if ARI is supported and not disabled.