"DigiCert has begun the process of revoking over 83,000 SSL/TLS certificates due to a recently identified domain validation issue."
"The issue stems from a problem with the process DigiCert used to validate domain ownership. One validation method involves adding a DNS CNAME record with a random value provided by DigiCert. This value is prefixed with an underscore to prevent conflicts with actual domain names. However, since 2019, this underscore prefix was not consistently added, leading to non-compliance with CA/Browser Forum (CABF) rules."
Wow, this a a security vulnerability I never thought of.
"The urgency and scale of this revocation have led some customers to take legal action against DigiCert in an attempt to prevent the immediate revocation of their certificates."
DigiCert revokes 83,000+ SSL/TLS certificates : Implications and next steps