Are old orders being purged from Boulder?

Did Let’s Encrypt recently start purging old/expired orders from the database? I’m getting “No order for ID X” errors when querying the order status of orders that have expired even where the certificate associated with that order has not expired.

For example, the certificate associated with this order doesn’t expire until 2019-12-19.
https://acme-staging-v02.api.letsencrypt.org/acme/order/8473560/51170089

It’s not a huge deal and it actually uncovered a bug in my client that I need to fix. So yay. But I was just curious.

@cpu

3 Likes

Hey @rmbolger, thanks for the question.

Did Let’s Encrypt recently start purging old/expired orders from the database?

Yup, we did. This change was part of a recent bugfix commit on our side. In retrospect it probably should have had an associated note in the API announcements category. Thanks for flagging the change in behaviour here.

For example, the certificate associated with this order doesn’t expire until 2019-12-19.

This is a good point and it might be worth thinking about returning expired orders until the lifetime of the associated certificate expires. That said, I think it will be a little bit more fiddly to implement that way and probably isn’t something we will get to in the short-term unless it turns out to be a more significant pain point.

4 Likes