[pixmin]

Everything is fine with PKI and SSL certificates. It was a bug in OpenSSL 1.0.1 / 1.0.2 in dealing with two times cross-signed root CA. It is fixed in 1.1.1, but these older versions are still default on RHEL6/RHEL7/Centos6/Centos7 and even Ubuntu16.04.

I think a large portion of online communications have been affected today.

[josephcsible]

It's really ironic that only "stable" distros were affected by this, and that distros with software closer to bleeding-edge worked fine through it.