Hacker News
by controversial97 897 days ago
I presume this open Mozilla issue is related:

"incorrect relative order of Subject attributes"

https://bugzilla.mozilla.org/show_bug.cgi?id=1864204

It appears that they didn't exactly follow the long complex technical requirements for how a web certificate should be formatted. I have no idea if this could somehow be a security hole.

1 comment

I think that's concurrent but didn't affect any ACME-issued certs. There's also https://bugzilla.mozilla.org/show_bug.cgi?id=1872371 which appears to affect 177,060 ACME certs issued with dns-01, and the notification timeline there matches what I received that led me to submit this. Looks like they were delegating DNS lookups to a third-party recursive resolver instead of doing them locally. Oops!