Yesterday, Upstream provider CERTUM notified us of an urgent issue with an intermediate certificate [Root CA - G3].
We are writing to inform you that if your certificate was issued by [Root CA - G3] certificate Requires replacement. The serial numbers for these certificates were generated with insufficient entropy, which violates the CA/Browser Forum Baseline (CABF BR). Specifically, CABF BR requires that "CAs SHALL generate Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG."
As a result, CERTUM must reissue your certificate within the next 7 days under CABF BR guidelines.
Please note that you are required to visit the dashboard to complete the replacement process within 7 days. While the process requires re-verifying domain name control ownership, you can choose HTTP/DNS verification method during the replacement process. You will get a new certificate after verification is complete.;
We will issue you a new certificate valid for 12 months to keep our service reputation as always.
The affected intermediate certificate is: [Root CA - G3]
https://repository.certum.pl/rootnetworksdv.pem
https://crt.sh/?id=3380671365
We apologize for any inconvenience this may cause and encourage you to replace these certificates immediately.