After these finding:
It appear that the certificate currently used for api.letsencrypt.org subdomains (e.g. acme-v01.api.letsencrypt.org and acme-v02.api.letsencrypt.org) is apparently not BR-compliant and thus will probably be revoked:
https://groups.google.com/d/msg/mozilla.dev.security.policy/wqySoetqUFM/A6UH3FpuBAAJ
@schoen @josh Do you plan to renew that certificate, just in case?
Common name: *.api.letsencrypt.org
SANs: *.api.letsencrypt.org, api.letsencrypt.org
Organization: INTERNET SECURITY RESEARCH GROUP
Location: Mountain View, California, US
Valid from June 26, 2015 to June 25, 2018
Serial Number: 7f0000010000014e30d50b6442c92e78
Signature Algorithm: sha256WithRSAEncryption
Issuer: TrustID Server CA A52
SSL Checker
Update 17/03:
A new certificate is used, the old one has been revoked.