rmbolger / Posh-ACME

PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
https://poshac.me/docs/latest/
MIT License

New-PAOrder creates an order immediately in "ready" state #137

Closed akunaatrium closed 5 years ago

akunaatrium commented 5 years ago

I don't know if my understanding is incorrect or there is a defect somewhere, but it would be great to get this straightened out.

I don't even know how to exactly reproduce it from scratch, but in my case I execute these commands in the PowerShell console:

  1. Get-PAOrder -List - just to verify that there are no orders. Returns nothing.
  2. New-PAOrder somedomain.com - returns information about the order and the status is already ready.
  3. Get-PAOrder | Get-PAAuthorizations - shows that the DNS01Status is valid.

I might have at some point in time actually indeed executed a DNS challenge which succeeded, but it is unexpected that this information somehow is remembered by some entity, either Posh-ACME itself or the Let's Encrypt server.

My expectation is that when I have deleted all orders and create a new order, it is always in the pending state at first. Also the ACME standard (https://tools.ietf.org/html/rfc8555) states that for Order and Authorization objects the starting status is "pending".

I am pretty sure I have misunderstood something. Can somebody share some wisdom about what is actually happening when creating a new order and is some state stored somewhere? Maybe also a quote from the ACME standard?

webprofusion-chrisc commented 5 years ago

Hi, Let's Encrypt remembers the status of previous (recent - in the last 30 days) validations you have completed on your account (based on the account key that you are re-using). So if your order request to Let's Encrypt is signed with the same account key then that's why it's jumping straight to valid.

See also cached validations: https://letsencrypt.org/docs/faq/

akunaatrium commented 5 years ago

Aha, very interesting. That explains it, thank you!
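
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Let's Encrypt or Posh-ACME code: a toy Python model of a CA that caches valid authorizations per account key. The class and account names, the dates, and treating the 30-day figure from the reply as the authorization lifetime are assumptions.

```python
# Toy model (constructed) of an ACME CA that reuses valid authorizations per account key.
from datetime import datetime, timedelta

REUSE_WINDOW = timedelta(days=30)  # assumption: figure taken from the reply above


class ToyCA:
    def __init__(self):
        # (account key thumbprint, identifier) -> authorization dict
        self.authzs = {}

    def _authz_for(self, account, name, now):
        authz = self.authzs.get((account, name))
        reusable = (authz is not None and authz["status"] == "valid"
                    and now < authz["expires"])
        if not reusable:
            # No usable cached validation: start a fresh pending authorization.
            authz = {"identifier": name, "status": "pending", "expires": None}
            self.authzs[(account, name)] = authz
        return authz

    def new_order(self, account, names, now):
        authzs = [self._authz_for(account, n, now) for n in names]
        # RFC 8555 7.1.6: an order is "ready" once all its authorizations are valid.
        ready = all(a["status"] == "valid" for a in authzs)
        return {"status": "ready" if ready else "pending", "authorizations": authzs}

    def complete_challenge(self, account, name, now):
        authz = self.authzs[(account, name)]
        authz.update(status="valid", expires=now + REUSE_WINDOW)

    def deactivate(self, account, name):
        # RFC 8555 7.5.2: the client can give up an authorization it holds.
        self.authzs[(account, name)]["status"] = "deactivated"


def demo():
    ca, t0, dom = ToyCA(), datetime(2019, 1, 1), "somedomain.com"  # constructed values
    seen = [ca.new_order("acct-A", [dom], t0)["status"]]
    ca.complete_challenge("acct-A", dom, t0)
    # The client deletes its local orders; the CA-side authorization is untouched.
    seen.append(ca.new_order("acct-A", [dom], t0 + timedelta(days=5))["status"])
    seen.append(ca.new_order("acct-B", [dom], t0 + timedelta(days=5))["status"])
    seen.append(ca.new_order("acct-A", [dom], t0 + timedelta(days=31))["status"])
    ca.complete_challenge("acct-A", dom, t0 + timedelta(days=31))
    ca.deactivate("acct-A", dom)
    seen.append(ca.new_order("acct-A", [dom], t0 + timedelta(days=32))["status"])
    return seen
```

In this model the second order is ready because the authorization is held by the CA under the account key, so clearing orders on the client changes nothing; a different account key, an expired authorization, or a deactivated one each yields a pending order again.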