Clarification on v1 authz status and expiry

I’m finding a bunch of authzs that simultaneously have a status of pending with an expires in the distant past.

Some examples:

A (had been) relying on the status field to indicate whether the authz was usable, on the assumption that (pending + expired) = invalid.

Is it the intent that clients should pay attention to the authz expiry as well? Boulder seems to count pending authorizations with an expires > clause, so I am guessing maybe yes?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.