DigiCert to Mass-Revoke TLS Certificates Due to Domain Validation Bug

DigiCert is mass-revoking TLS/SSL certificates due to a bug in domain validation. The company verified whether customers owned or operated a domain by adding a random string to a DNS CNAME record, but the string lacked an underscore prefix, which increased the risk of collisions between domains and subdomains. This issue affects approximately 0.4% of domain validations conducted between August 2019 and June 2024.
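As an added illustration (not DigiCert's code and not from the source article), the following Python sketch audits a set of zone records for CNAME-based validation entries whose random label lacks the underscore prefix. It assumes the random value is the leftmost label of the record name; `dcv.ca.example.` is a placeholder validation target and the records are constructed samples.

```python
import re

# Hostname label rule (RFC 1123): letters, digits, hyphen; no leading or
# trailing hyphen. A label starting with "_" can never match this rule.
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Placeholder for the CA's validation target (assumption, not a real hostname).
DCV_TARGET = "dcv.ca.example."

# Constructed sample records: (owner name, record type, target).
SAMPLE_RECORDS = [
    ("_k3x9q7w2m5.shop.example.com.", "CNAME", "dcv.ca.example."),
    ("k3x9q7w2m5.shop.example.com.", "CNAME", "dcv.ca.example."),
    ("www.shop.example.com.", "CNAME", "cdn.example.net."),
    ("r8t2v6.example.org.", "A", "192.0.2.10"),
]


def classify_dcv_record(owner, rtype, target):
    """Return None for non-validation records, else a verdict string:
    'ok', 'collision-risk' or 'malformed'."""
    if rtype.upper() != "CNAME" or target.lower() != DCV_TARGET:
        return None
    first_label = owner.split(".", 1)[0]
    if first_label.startswith("_"):
        # Underscore labels are not valid hostnames, so the random value
        # cannot coincide with a real subdomain name.
        return "ok"
    # Without the underscore, an LDH-valid random label is indistinguishable
    # from an ordinary subdomain, which is the collision risk described above.
    return "collision-risk" if LDH_LABEL.match(first_label) else "malformed"


def audit(records):
    """Map each validation record's owner name to its verdict."""
    findings = {}
    for owner, rtype, target in records:
        verdict = classify_dcv_record(owner, rtype, target)
        if verdict is not None:
            findings[owner] = verdict
    return findings


if __name__ == "__main__":
    for owner, verdict in audit(SAMPLE_RECORDS).items():
        print(f"{verdict:15} {owner}")
```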

To resolve this, DigiCert will revoke impacted certificates within 24 hours. Customers must reissue their certificates through the CertCentral portal and install them on their servers before the revocation deadline. Failing to complete this process may cause a loss of connectivity for websites or applications.

DigiCert has taken steps to prevent similar incidents from occurring, including reviewing and consolidating random value generators, simplifying user experience, embedding compliance team members in development sprints, expanding test coverage, and planning to open-source Domain Control Verification by November 1, 2024.

Source: https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/