Closed akunaatrium closed 5 years ago
Hi, Let's Encrypt remembers the status of previous (recent - in the last 30 days) validations you have completed on your account (based on the account key that you are re-using). So if your order request to Let's Encrypt is signed with the same account key then that's why it's jumping straight to valid.
See also cached validations: https://letsencrypt.org/docs/faq/
Aha, very interesting. That explains it, thank you!
I don't know if my understanding is incorrect or there is a defect somewhere, but it would be great to get this straightened out.
I don't even know how to exactly reproduce it from scratch but in my case I execute these commands in PowerShell console:

Get-PAOrder -List
- just to verify that there are no orders. Returns nothing.

New-PAOrder somedomain.com
- returns information about the order and the status is already "ready".

Get-PAOrder | Get-PAAuthorizations
- shows that the DNS01Status is "valid".

I might have at some point in time actually indeed executed a DNS challenge which succeeded, but it is unexpected that this information somehow is remembered by some entity, either Posh-ACME itself or Let's Encrypt server.
My expectation is that when I have deleted all orders and create a new order, it is always in the "pending" state at first. Also the ACME standard (https://tools.ietf.org/html/rfc8555) states that for Order and Authorization objects the starting status is "pending". I am pretty sure I have misunderstood something. Can somebody share some wisdom about what is actually happening when creating a new order and is some state stored somewhere? Maybe also a quote from the ACME standard?