Will the order status remain ready?

I am testing the Let's Encrypt APIs. My doubt is that after validating a challenge, say dns-01, the order status goes from pending to ready. And then it changes to processing and then to valid after calling finalize URL with my CSR and I get my certificate.

Now, if I try to reissue my certificate for the same identifier, when I place the order -

  1. It starts at ready state and not pending state.
  2. I need not complete and validate any challenge and can get my certificate directly.
  3. Even if I want to validate a challenge, I can complete only dns-01 and no http-01 and tls-alpn-01

Will it be in ready state for the lifetime of the account or only for a specific period of time?

CA may reuse completed auth object up to 30 days:


So, if I try to reissue after 30 days, I will get an order in pending state with all three types of challenges present and I need to validate the challenge?
Also, can you post the source of your info


If you're developing an ACME client it's best to try it against as many ACME server implementations as you can because some have slightly different behaviors. I would suggest:

  • Pebble (running under docker)
  • Let's Encrypt Staging
  • Let's Encrypt Production
  • ZeroSSL
  • BuyPass Go
  • Google Trust Services

Adding: The Authorization Object is tied to the Account

CA may reuse for up to 30 days. This is not guaranteed.
LetsEncrypt currently does this, but plans for it to be shorter. IIRC, that is somewhat tied to the future "short lived certs" offering.

Other CAs may or may not support reuse at all, which is why @webprofusion made the suggestion above.


CAs may even reuse these authz for a longer time according to the BR (825 days, see section 4.2.1).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.