Rimuru
December 25, 2023, 1:25pm
1
I am testing APIs for LetsEncrypt in staging environment,. While testing the new-order API, I noticed that the order URL remains the same for all the orders with the same identifiers using the same account.
Is this the normal behaviour of LetsEncrypt? Because, I tested GlobalSign and it gives different OrderIDs each time using the same common name.
Osiris
December 25, 2023, 1:34pm
2
Yes, Let's Encrypt re-uses orders if possible. See:
# Boulder implementation details
The ACME specification ([RFC 8555]) clearly dictates what Clients and Servers
must do to properly implement the protocol.
The specification is intentionally silent, or vague, on certain points to give
developers freedom in making certain decisions or to follow guidance from other
RFCs. Due to this, two ACME Servers might fully conform to the RFC but behave
slightly differently. ACME Clients should not "over-fit" on Boulder or the
Let's Encrypt production service, and aim to be compatible with a wide range of
ACME Servers, including the [Pebble](https://github.com/letsencrypt/pebble)
test server.
The following items are a partial listing of RFC-conformant design decisions
Boulder and/or LetsEncrypt have made. This listing is not complete, and is
based on known details which have caused issues for developers in the past. This
listing may not reflect the current status of Boulder or the configuration of
LetsEncrypt's production instance and is provided only as a reference for client
developers.
show original
(Same goes for separate authorizations by the way. See the paragraph above the one I linked above.)
8 Likes
system
January 24, 2024, 1:35pm
3
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.