Is it possible that a certificate order will become valid without posting a CSR?
We can see several orders (I think it's only for retried orders, where we previously got a 500 internal server error from Let's Encrypt and so retried the order) that become valid before even posting the CSR for the order. We suspect that this situation causes a mismatch between the private key and the certificate.
I will describe the situation:
- We order a certificate for domain domain.com with private key A
- The order failed at some point with a 500 error from Let's Encrypt
- We retry ordering the certificate for domain.com with private key B
- The order finished successfully, but private key B does not match the certificate. Private key A was dropped, so I cannot tell for sure that it matches… but it probably will
Any idea how to correctly handle such a scenario? How can we prevent such cases? How can we make sure every new order will request a CSR and not become valid without it?
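
One way to catch the mismatch described in the post before a certificate is deployed, added here as an example and not part of the original post: compare the public key in the issued certificate with each private key generated for the order attempts. The function and file names are assumptions, and the keys and self-signed certificate are constructed stand-ins for keys A and B.

```shell
#!/bin/sh
# Added example: check which private key an issued certificate belongs to.
# Function names and file names are hypothetical.

# PEM public key embedded in a certificate. For a chain file,
# openssl x509 reads only the first (leaf) certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public half of a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Exit 0 only when both public keys could be read and are identical.
# Exit 2 when either file is unreadable, so an error never counts as a match.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the first candidate key that matches the certificate.
# Usage: find_matching_key cert.pem key1.pem key2.pem ...
find_matching_key() {
    cert=$1; shift
    for key in "$@"; do
        if cert_matches_key "$cert" "$key"; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Constructed sample: a.key stands in for key A (first attempt), b.key for
# key B (retry); cert.pem is self-signed with A to mimic the reported result.
make_sample() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/a.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/b.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=domain.com" -days 1 -out "$1/cert.pem" 2>/dev/null
}

d=$(mktemp -d)
make_sample "$d"
if cert_matches_key "$d/cert.pem" "$d/b.key"; then
    echo "key B matches the certificate"
else
    echo "key B does not match the certificate: do not deploy this pair"
fi
echo "matching key: $(find_matching_key "$d/cert.pem" "$d/b.key" "$d/a.key")"
```

Running the search over every key generated for a domain only works if the keys from failed attempts are kept until a certificate has been matched to one of them.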