https://arstechnica.com/information-technology/2020/03/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug/

On Leap Day, Let's Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.

The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain's DNS should prohibit it. As a result, Let's Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can't be certain are legitimate, saying: