Here is the story. https://github.com/acmesh-official/acme.sh/issues/4659
Seems like they exploited acme.sh and let user to evade certificate issuing procedure. Do we need to discuss this? -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/caf32f51-14d2-4f1e-a458-9f49eac6adccn%40mozilla.org.