HeadlinesBriefing.com

Let's Encrypt Halts Certificate Issuance After Incident

Hacker News

Let's Encrypt temporarily halted all certificate issuance on May 8th after discovering a potential incident involving their root certificate infrastructure. The organization shut down issuance across both production and staging environments at approximately 18:37 UTC, affecting multiple API endpoints including acme-v02.api.letsencrypt.org and portal.letsencrypt.org, along with their staging counterparts.

The root cause was traced to problems with the cross-signed certificate bridging Let's Encrypt's established Generation X root to their newer Generation Y root. Engineers resolved the issue by reverting all issuance back to the Generation X root certificate. This affected the "tlsserver" and "shortlived" ACME certificate profiles used by millions of websites worldwide.

Let's Encrypt successfully resumed issuance after implementing the fix. The incident underscores the technical complexity of managing a major certificate authority and the delicate process of migrating between root certificate generations while maintaining uninterrupted service for the internet's encryption backbone.