Set-PAOrder revokes certificate when -Force used, even with -RevokeCert:$false

[eren-kemer]

Hello,

I've encountered a bug, i think?

When using Set-PAOrder with the -Force switch, to force switching the active order, it always asks for RevokeCert. Since i'm running my script without interaction i need to either use -Force or -Confirm:$false (which is not implemented here) I'd expect -Force to not automatically revoke the certificate, especially if i specify -RevokeCert:$false

I believe the issue lies here, since -Force defaults to Revoke? https://github.com/rmbolger/Posh-ACME/blob/bd88c1d2c435298b9cd516fd2c1823dbc7513219/Posh-ACME/Public/Set-PAOrder.ps1#L11C1-L12C24

Thank you!

[rmbolger]

Hi @eren-kemer, thanks for reaching out. The -Force switch shouldn't be necessary to change the active order without interaction. Is there some combination of parameters that was asking for confirmation? If so, that might be a bug.

The reason PowerShell is asking for the -RevokeCert switch is that (as you found) Force is only part of the parameter set used for revoking certs and the RevokeCert switch is also required for that parameter set. The docs for Set-PAOrder hopefully make this a bit more clear. https://poshac.me/docs/v4/Functions/Set-PAOrder/