#webtrust — Public Fediverse posts

#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
you think: “Let’s just leave that to Google Search.” 🙃

👉 Result: open-source projects like Immich get flagged as “dangerous.”

#DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

https://immich.app/blog/google-flags-immich-as-dangerous