diff --git a/certificate/certificates.go b/certificate/certificates.go
index d6ab4b4172..2cc17c6be0 100644
--- a/certificate/certificates.go
+++ b/certificate/certificates.go
@@ -273,6 +273,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
 		Domain:     commonName,
 		CertURL:    respOrder.Certificate,
 		PrivateKey: privateKeyPem,
+		CSR:        csr,
 	}
 
 	if respOrder.Status == acme.StatusValid {
diff --git a/e2e/challenges_test.go b/e2e/challenges_test.go
index ea35dc7e7b..0139ab7d5f 100644
--- a/e2e/challenges_test.go
+++ b/e2e/challenges_test.go
@@ -232,7 +232,7 @@ func TestChallengeHTTP_Client_Obtain(t *testing.T) {
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 func TestChallengeHTTP_Client_Registration_QueryRegistration(t *testing.T) {
@@ -307,7 +307,7 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
 	assert.Regexp(t, `https://localhost:14000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 func TestChallengeTLS_Client_ObtainForCSR(t *testing.T) {
diff --git a/e2e/dnschallenge/dns_challenges_test.go b/e2e/dnschallenge/dns_challenges_test.go
index aab3bb38c0..d967975c17 100644
--- a/e2e/dnschallenge/dns_challenges_test.go
+++ b/e2e/dnschallenge/dns_challenges_test.go
@@ -121,7 +121,7 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {
 	assert.Regexp(t, `https://localhost:15000/certZ/[\w\d]{14,}`, resource.CertStableURL)
 	assert.NotEmpty(t, resource.Certificate)
 	assert.NotEmpty(t, resource.IssuerCertificate)
-	assert.Empty(t, resource.CSR)
+	assert.NotEmpty(t, resource.CSR)
 }
 
 type fakeUser struct {