by ris 3512 days ago
...and what if you have a specific certificate pinned in your private clients for use of a private web service?
4 comments

Then you should probably renew the expiring cert.
If you pinned the leaf cert, you're fucked in any event. If you pinned the CA, it's problematic for something to automatically choose a new CA for you.
Doesn't matter, you'll need a new certificate either way.
Your point isn't bad, you just ignored/overlooked the 'expiring' part of the announcement.

If you don't pay for the renewal, pinning _probably_ is broken anyway (unless you somehow pin a cert, but ignore validation. In which case you should've used a self-signed cert from the start, I guess).

Honestly, I cannot see a downside to this. People that won't pay the CA mafia will get a cert for free. TLS everywhere. The internet wins.