New package: SimpleACME.SimpleACME.Trimmed version 2.3.2.1981

[Dragon1573]

Checklist for Pull Requests

• Have you signed the Contributor License Agreement?
• Resolve [Package Request]: SimpleACME.SimpleACME.Trimmed version 2.3.2.1981 #266036

Manifests

• Have you checked that there aren't other open pull requests for the same manifest update/change?
• This PR only modifies one (1) manifest
• Have you validated your manifest locally with winget validate --manifest <path>?
• Have you tested your manifest locally with winget install --manifest <path>?
• Does your manifest conform to the 1.10 schema?

Note: <path> is the directory's name containing the manifest you're submitting.

---

Microsoft Reviewers: Open in CodeFlow

[wingetbot]

   

[wingetbot]

Validation Pipeline Run WinGetSvc-Validation-65-266037-20250614-1

[stephengillie]

Manual Validation ended with:

PS C:\Users\User\Desktop> C:\Users\User\AppData\Local\Microsoft\WinGet\Packages\SimpleACME.SimpleACME.Trimmed__DefaultSource\wacs.exe --version
CLR: Assert failure(PID 4804 [0x000012c4], Thread: 8220 [0x201c]): !AreShadowStacksEnabled() || UseSpecialUserModeApc()
File: D:\a_work\1\s\src\coreclr\vm\threads.cpp:7938 Image:
C:\Users\User\AppData\Local\Microsoft\WinGet\Packages\SimpleACME.SimpleACME.Trimmed__DefaultSource\wacs.exe
PS C:\Users\User\Desktop>

(Automated response - build 1067.)

[Dragon1573]

😕 @stephengillie, there's nothing wrong in my Windows Sandbox instance.

Manual validation

Validation logs

PS C:\Users\WDAGUtilityAccount\Desktop\winget-pkgs>
>> wacs.exe --version
 ...done. You may manually add specific trusted accounts to the ACL.

 A simple cross platform ACME client (WACS)
 Software version 2.3.2.1981 (release, trimmed, standalone, 64-bit)
 Connecting to https://acme-v02.api.letsencrypt.org/...
 Scheduled task not configured yet
 Check the manual at https://simple-acme.com
 Please leave a ★ at https://github.com/simple-acme/simple-acme

PS C:\Users\WDAGUtilityAccount\Desktop\winget-pkgs>
>> wacs.exe --help

 A simple cross platform ACME client (WACS)
 Software version 2.3.2.1981 (release, trimmed, standalone, 64-bit)
 Connecting to https://acme-v02.api.letsencrypt.org/...
 Scheduled task not configured yet
 Check the manual at https://simple-acme.com
 Please leave a ★ at https://github.com/simple-acme/simple-acme

 ---------------------
 Main
 ---------------------

     --baseuri
     Address of the ACME server to use. The default endpoint can be modified in
     settings.json.

     --test
     Enables testing behaviours in the program which may help with troubleshooting.
     By default this also switches the --baseuri to the ACME test endpoint. The
     default endpoint for test mode can be modified in settings.json.

     --verbose
     Print additional log messages to console for troubleshooting and bug reports.

     --help
     Show information about all available command line options.

     --version
     Show version information.

     --config
     Output configuration information in JSON format.

     --renew
     Renew any certificates that are due. This argument is used by the scheduled
     task. Note that it's not possible to change certificate properties and renew
     at the same time.

     --force
     [--renew] Always execute the renewal, disregarding the validity of the current
     certificates and the prefered schedule.

     --nocache
     Bypass the cache on certificate requests. Applies to both new requests and
     renewals.

     --register
     Create an ACME service account without creating a certificate.

     --cancel
     Cancel renewal specified by the --friendlyname or --id arguments.

     --revoke
     Revoke the most recently issued certificate for the renewal specified by the
     --friendlyname or --id arguments.

     --list
     List all created renewals in unattended mode.

     --encrypt
     Rewrites all renewal information using current EncryptConfig setting

     --id
     [--source|--cancel|--renew|--revoke] Id of a new or existing renewal, can be
     used to override the default when creating a new renewal or to specify a
     specific renewal for other commands.

     --friendlyname
     [--source|--cancel|--renew|--revoke] Friendly name of a new or existing
     renewal, can be used to override the default when creating a new renewal or to
     specify a specific renewal for other commands. In the latter case a pattern
     might be used. You may use a * for a range of any characters and a
     ? for any single character. For example: the pattern
     example.* will match example.net and example.com
     (but not my.example.com) and the pattern ?.example.com will
     match a.example.com and b.example.com (but not
     www.example.com). Note that multiple patterns can be combined by
     comma seperating them.

     --source
     Specify which source plugin to run, bypassing the main menu and triggering
     unattended mode.

     --validation
     Specify which validation plugin to run. If none is specified, SelfHosting
     validation will be chosen as the default.

     --validationmode
     Specify which validation mode to use. HTTP-01 is the default.

     --order
     Specify which order plugin to use. Single is the default.

     --csr
     Specify which CSR plugin to use. RSA is the default.

     --store
     Specify which store plugin to use. CertificateStore is the default. This may
     be a comma-separated list.

     --installation
     Specify which installation plugins to use (if any). This may be a
     comma-separated list.

     --vaultstore
     Store a new value in the secret vault, or overwrite an existing one.

     --vaultkey
     Key to target for vault commands. This should be in the format like
     vault://json/mysecret.

     --vaultsecret
     Secret to save in the vault.

     --closeonfinish
     [--test] Close the application when complete, which usually does not happen
     when test mode is active. Useful to test unattended operation.

     --hidehttps
     Hide sites that have existing https bindings from interactive mode.

     --notaskscheduler
     Do not create (or offer to update) the scheduled task.

     --setuptaskscheduler
     Create or update the scheduled task according to the current settings.

 * Account

     --accepttos
     Accept the ACME terms of service.

     --emailaddress
     Email address to link to your ACME account.

     --eab-key-identifier
     Key identifier to use for external account binding.

     --eab-key
     Key to use for external account binding. Must be base64url encoded.

     --eab-algorithm
     Algorithm to use for external account binding. Valid values are HS256
     (default), HS384, and HS512.

     --account
     Optionally provide a name for the account. Using different names for different
     renewals enables you to managed multiple accounts for a single ACME endpoint.
     Unless you have a specific need to do this, we recommend to not use this.

 ---------------------
 Source
 ---------------------

 * Custom CSR [--source csr]

     --csrfile
     Specify the location of a CSR file to make a certificate for

     --csrscript
     Specify the location of a script that will generate the CSR file on demand

     --pkfile
     Specify the location of the private key corresponding to the CSR

 * Manual input [--source manual]

     --commonname
     Specify the common name of the certificate. If not provided the first host
     name will be used.

     --host
     A host name to get a certificate for. This may be a comma-separated list.

 * IIS bindings [--source iis]

     --siteid
     Identifiers of one or more sites to include. This may be a comma-separated
     list.

     --host
     Host name to filter. This parameter may be used to target specific bindings.
     This may be a comma-separated list.

     --host-pattern
     Pattern filter for host names. Can be used to dynamically include bindings
     based on their match with the pattern.You may use a * for a range of
     any characters and a ? for any single character. For example: the
     pattern example.* will match example.net and
     example.com (but not my.example.com) and the pattern
     ?.example.com will match a.example.com and
     b.example.com (but not www.example.com). Note that multiple
     patterns can be combined by comma seperating them.

     --host-regex
     Regex pattern filter for host names. Some people, when confronted with a
     problem, think "I know, I'll use regular expressions." Now they have two
     problems.

     --commonname
     Specify the common name of the certificate that should be requested for the
     source. By default this will be the first binding that is enumerated.

     --excludebindings
     Exclude host names from the certificate. This may be a comma-separated list.

     --host-type
     Specify which types of bindings to consider. May be set to http, ftp or both
     (comma separated)

 ---------------------
 Csr
 ---------------------

 * Elliptic Curve [--csr ec]

     --ocsp-must-staple
     Enable OCSP Must Staple extension on certificate.

     --reuse-privatekey
     Reuse the same private key for each renewal.

 * RSA [--csr rsa]

     --ocsp-must-staple
     Enable OCSP Must Staple extension on certificate.

     --reuse-privatekey
     Reuse the same private key for each renewal.

 ---------------------
 HTTP validation
 ---------------------

 * Filesystem [--validation filesystem]

     --validationsiteid
     Specify IIS site to use for handling validation requests. This will be used to
     choose the web root path.

     --webroot
     Root path of the site that will serve the HTTP validation requests.

     --manualtargetisiis
     Copy default web.config to the .well-known directory.

 * Self-hosting [--validation selfhosting]

     --validationport
     Port to use for listening to validation requests. Note that the ACME server
     will always send requests to port 80. This option is only useful in
     combination with a port forwarding.

     --validationprotocol
     Protocol to use to handle validation requests. Defaults to http but may be set
     to https if you have automatic redirects setup in your infrastructure before
     requests hit the web server.

 * FTP(S) [--validation ftp]

     --username
     Username for remote server

     --password
     Password for remote server

     --webroot
     Root path of the site that will serve the HTTP validation requests.

     --manualtargetisiis
     Copy default web.config to the .well-known directory.

 * SFTP [--validation sftp]

     --username
     Username for remote server

     --password
     Password for remote server

     --webroot
     Root path of the site that will serve the HTTP validation requests.

     --manualtargetisiis
     Copy default web.config to the .well-known directory.

 * WebDav [--validation webdav]

     --username
     Username for remote server

     --password
     Password for remote server

     --webroot
     Root path of the site that will serve the HTTP validation requests.

     --manualtargetisiis
     Copy default web.config to the .well-known directory.

 ---------------------
 DNS validation
 ---------------------

 * Custom script [--validation script]

     --dnsscript
     Path to script that creates and deletes validation records, depending on its
     parameters. If this parameter is provided then --dnscreatescript and
     --dnsdeletescript are ignored.

     --dnscreatescript
     Path to script that creates the validation TXT record.

     --dnscreatescriptarguments
     Default parameters passed to the script are "create {Identifier} {RecordName}
     {Token}", but that can be customized using this argument.

     --dnsdeletescript
     Path to script to remove TXT record.

     --dnsdeletescriptarguments
     Default parameters passed to the script are "delete {Identifier} {RecordName}
     {Token}", but that can be customized using this argument.

     --dnsscriptparallelism
     Configure parallelism mode. 0 is fully serial (default), 1 allows multiple
     records to be created simultaneously, 2 allows multiple records to be
     validated simultaneously and 3 is a combination of both forms of parallelism.

 * acme-dns [--validation acme-dns]

     --acmednsserver
     Root URI of the acme-dns service

 ---------------------
 TLS validation
 ---------------------

 * Self-hosting [--validationmode tls-alpn-01 --validation selfhosting]

     --validationport
     Port to use for listening to validation requests. Note that the ACME server
     will always send requests to port 443. This option is only useful in
     combination with a port forwarding.

 ---------------------
 Store
 ---------------------

 * Windows Certificate Store [--store certificatestore]

     --certificatestore
     This setting can be used to save the certificate in a specific store. By
     default it will go to 'WebHosting' store on modern versions of Windows.

     --keepexisting
     While renewing, do not remove the previous certificate.

     --acl-fullcontrol
     List of additional principals (besides the owners of the store) that should
     get full control permissions on the private key of the certificate. Will not
     work when UseNextGenerationCryptoApi is set to true.

     --acl-read
     List of additional principals (besides the owners of the store) that should
     get read permissions on the private key of the certificate. Will not work when
     UseNextGenerationCryptoApi is set to true.

 * PEM files [--store pemfiles]

     --pemfilespath
     .pem files are exported to this folder.

     --pemfilesname
     Prefix to use for the .pem files, defaults to the common name.

     --pempassword
     Password to set for the private key .pem file.

 * PFX file [--store pfxfile]

     --pfxfilepath
     Path to write the .pfx file to.

     --pfxfilename
     Prefix to use for the .pfx file, defaults to the common name.

     --pfxpassword
     Password to set for .pfx file exported to the folder.

 * P7B file [--store p7bfile]

     --p7bfilepath
     Path to write the .p7b file to.

     --p7bfilename
     Prefix to use for the .p7b file, defaults to the common name.

 * Central Certificate Store [--store centralssl]

     --centralsslstore
     Location of the IIS Central Certificate Store.

     --pfxpassword
     Password to set for .pfx files exported to the IIS Central Certificate Store.

 ---------------------
 Installation
 ---------------------

 * Custom script [--installation script]

     --script
     Path to script file to run after retrieving the certificate. This may be any
     executable file or a Powershell (.ps1) script.

     --scriptparameters
     Parameters for the script to run after retrieving the certificate. Refer to
     https://simple-acme.com/reference/plugins/installation/script for further
     instructions.

 * Manage IIS bindings [--installation iis]

     --installationsiteid
     Specify site to install new bindings to. Defaults to the source if that is an
     IIS site.

     --sslport
     Port number to use for newly created HTTPS bindings. Defaults to 443.

     --sslipaddress
     IP address to use for newly created HTTPS bindings. Defaults to *.

[wingetbot]

Publish pipeline succeeded for this Pull Request. Once you refresh your index, this change should be present.