I have a user who was confused why their (staging) cert request using a ECDSA_P256 key and sha256ECDSA signature algorithm came back signed with a different sha384ECDSA signature algorithm.
I found this old thread where @_az mentioned that the signature algorithms for signed certs are based on the key of the issuer which answers the question. But I was wondering if this is a Boulder-specific choice or just the nature of how certificate signing works.
It's just the nature of how certificate signing works. The R3 intermediate is an RSA key, so it can only sign things with an RSA signature. The E1 intermediate is a P-384 key, so it can only sign things with a P-384 signature.
The signature used in a CSR, as best as I understand it, is just proving that you own the associated private key that's making the request. So, the signature type used on it would thus just be based on the key of that leaf, not the key of the intermediate that would end up signing it.
Just adding for future readers: the important thing to focus on is the Certificate+Key will use the client's specified Key and Algorithm to secure traffic. Like @petercooperjr noted, only the Certificate itself is signed with the "unexpected" Key/Algorithm.