2025.03.18 Early CRL Removal

On 2025-03-18, two revoked certificates were removed from their CRLs before they expired. This is a violation of RFC 5280, Section 3.3, which says “An entry MUST NOT be removed from the CRL until it appears on one regularly scheduled CRL issued beyond the revoked certificate's validity period.”

We have developed, tested, and deployed a fix for this error, and the missing entries have been restored to the CRLs.

We have posted our preliminary incident report to Bugzilla here: 1954861 - Let's Encrypt: Early CRL Removal Incident

Please follow that bug for updates.

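The RFC 5280 rule quoted in the post above can be checked mechanically. The following is an added example, not part of the original post and not Let's Encrypt's code: it compares consecutive CRL snapshots and flags entries dropped before they appeared on a CRL issued after the certificate's notAfter. The `CrlSnapshot` type, the function name, and the sample serials and dates are constructed for illustration, and every snapshot is assumed to be a regularly scheduled CRL from the same issuer.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class CrlSnapshot:
    this_update: datetime        # thisUpdate of the CRL
    revoked_serials: frozenset   # serial numbers listed on it


def early_removals(crls, not_after):
    """Return (serial, thisUpdate of the CRL that dropped it) for early removals.

    crls: regularly scheduled CRLs from one issuer (assumption), any order.
    not_after: dict mapping serial -> certificate notAfter.
    """
    ordered = sorted(crls, key=lambda c: c.this_update)
    findings = []
    for prev, cur in zip(ordered, ordered[1:]):
        for serial in sorted(prev.revoked_serials - cur.revoked_serials):
            expiry = not_after.get(serial)
            # prev is the last CRL that listed the entry. Removal is allowed
            # only if prev was issued after notAfter. It is not enough that
            # the certificate has expired by the time cur is issued.
            # An unknown expiry cannot be shown to be safe, so it is flagged.
            if expiry is None or prev.this_update <= expiry:
                findings.append((serial, cur.this_update))
    return findings


def utc(day, hour=0):
    # Constructed timestamps in January 2025, for the sample data only.
    return datetime(2025, 1, day, hour, tzinfo=timezone.utc)


# Constructed sample data (not taken from the incident).
SAMPLE_NOT_AFTER = {
    "0a01": utc(20),      # still valid when dropped
    "0b02": utc(10, 12),  # expired, but never listed on a post-expiry CRL
    "0c03": utc(9, 12),   # listed on the day-10 CRL, issued after expiry
}
SAMPLE_CRLS = [
    CrlSnapshot(utc(10), frozenset({"0a01", "0b02", "0c03"})),
    CrlSnapshot(utc(11), frozenset()),                  # all three dropped
    CrlSnapshot(utc(12), frozenset({"0a01", "0b02"})),  # entries restored
]

if __name__ == "__main__":
    for serial, when in early_removals(SAMPLE_CRLS, SAMPLE_NOT_AFTER):
        print(f"early removal: serial {serial} missing from CRL issued {when}")
```

Serial `0b02` is the case a naive "is the certificate expired yet?" check would miss.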

We have posted our full incident report here: 1954861 - Let's Encrypt: Early CRL Removal Incident
