We recently observed a relatively large spike in suspicious issuance to .tg domains. Validation was properly completed (the certificates were properly issued from Let’s Encrypt’s point of view) but we have come to suspect that the integrity of the .tg TLD system has been compromised.
We don’t know exactly what happened yet (our access to information about .tg control systems is limited), but as a result of our suspicions we have temporarily suspended all issuance to .tg domains. This block was put in place on November 2nd and will remain in place until we have reason to believe that potential issues with .tg control systems have been resolved. We also revoked 38 certificates issued to .tg domains on or after October 31.
Our investigation is ongoing. We hope to re-enable issuance to .tg domains soon. We will likely publish more information after our investigation has concluded.
Apologies for any inconvenience. This is an unusual situation and we felt that the steps we took were necessary in light of suspected registry or related control system compromise.