diff --git a/certificate/certificates.go b/certificate/certificates.go
index 04904e794..e5ebe4762 100644
--- a/certificate/certificates.go
+++ b/certificate/certificates.go
@@ -351,6 +351,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
 		Domain:     domains[0],
 		CertURL:    respOrder.Certificate,
 		PrivateKey: privateKeyPem,
+		CSR:        csr,
 	}
 
 	if respOrder.Status == acme.StatusValid {
diff --git a/e2e/challenges_test.go b/e2e/challenges_test.go
index be1d23131..ed9e1b560 100644
--- a/e2e/challenges_test.go
+++ b/e2e/challenges_test.go
@@ -239,7 +239,7 @@ func TestChallengeHTTP_Client_Obtain(t *testing.T) {
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 func TestChallengeHTTP_Client_Obtain_profile(t *testing.T) {
@@ -449,7 +449,7 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 func TestChallengeTLS_Client_ObtainForCSR(t *testing.T) {
diff --git a/e2e/dnschallenge/dns_challenges_test.go b/e2e/dnschallenge/dns_challenges_test.go
index 9dd9ab0d6..ef7031b3e 100644
--- a/e2e/dnschallenge/dns_challenges_test.go
+++ b/e2e/dnschallenge/dns_challenges_test.go
@@ -183,7 +183,7 @@ func TestChallengeDNS_Client_Obtain_profile(t *testing.T) {
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 type fakeUser struct {