Skip to content

Find Deprecated PluginArgs

Posh-ACME 4.8 has deprecated the old "insecure" plugin parameter sets that used to be necessary on non-Windows machines running early versions of PowerShell 6. This means that when Posh-ACME 5.0 is eventually released, certificate orders renewing with those parameter sets will stop working if they haven't been replaced by a "secure" parameter set. So it would be wise to update those parameters sooner rather than later.

In most cases, migrating to a secure parameter set is just a matter of using a SecureString version of a token, key, or password instead of a standard String object. It might also mean using a PSCredential object instead of separate Username and Password parameters. The usage guide for each plugin will detail exactly what to use.

If you have a lot of accounts or orders, particularly if they use different plugins, it may be a tedious process to find the orders that are using the deprecated parameters. Here's a function to help find those orders more easily.


The function assumes you've already installed Posh-ACME 4.8 or later which may also be required in order to migrate to the secure parameter sets that were added in 4.8.

function Find-DeprecatedPluginArgs {

    # build a list of parameter names that we know are deprecated
    $badParams = @(

    $results = foreach ($server in (Get-PAServer -List)) {
        Write-Verbose " Server: $($server.Name)"
        try { $server | Set-PAServer }
        catch {
            Write-Warning "Failed to set server $($server.Name)"

        foreach ($acct in (Get-PAAccount -List)) {
            Write-Verbose "Account: $($"
            try { $acct | Set-PAAccount }
            catch {
                Write-Warning "Failed to set account $($"

            foreach ($order in (Get-PAOrder -List)) {
                $paNames = ($order | Get-PAPluginArgs).Keys | ForEach-Object {$_}
                if (-not $paNames) { continue }

                if ($badMatches = Compare-Object $paNames $badParams -ExcludeDifferent -IncludeEqual) {
                        ServerName = $server.Name
                        AccountID = $
                        OrderName = $order.Name
                        Plugin = $order.Plugin
                        DeprecatedParams = $badMatches.InputObject -join ','