Buypass changes coming

Saw someone link this earlier today. Figured others here might want to be aware.

No hard details, but it sounds like they're going to be making their free cert offerings more limited in the form of rate limiting and limits on total number of "active" certs. I wonder if they're feeling a lot of increased load from non-US folks ditching LE because of the US association.

8 Likes

Sounds like their new owner is moving towards a fee-for-service model. And, at least for now, they will allow very limited free certs via ACME. I don't think I'll be relying on them as a backup CA :slight_smile:

I focused on this part of their announcement

The Buypass GoSSL service will be replaced with a new Buypass GoTLS service.
...
The main GoTLS service will be a paid service using a volume-based price model and improved features (e.g. support for wildcard) and higher rate limits.

While noting this from Nov 2024: Change of ownership in Buypass AS | Buypass.com

4 Likes

I'm in the USA and looking to move everything to them. They may be the only CA with servers physically outside the USA, which makes them largely immune to compromise by government actors without a court order -- which is now a distinct possibility for anything on US Soil.

3 Likes

In Let's Encrypt's defense, any compromise would be revealed in certificate transparency logs.

I would recommend monitoring your CT logs as a best practice anyway.

2 Likes

Which are also on servers located on US soil; "National Security Letters" could conceivably be used to compel CT Log operators to aid in government efforts.

You are preaching to the choir here.

2 Likes

I'm not sure I follow. A certificate transparency operator could undoubtedly be compelled to add a certificate, but I'm not sure how useful that would be.

At least Chrome does check certificates against CT logs

Firefox does too since FF 135, as does Safari.

The distrust-all-and-everything rabbit hole is very deep. On a purely speculative basis, you could compel a CT log to issue SCTs without honouring them. None of the browser vendors actually check the CT log itself - they just enforce the presence of an SCT from a trusted log. The SCT is a promise to embed a certificate within a log in the near future, but doesn't actually mean that the certificate is part of the log yet. A log operator could, in violation of CT policy, issue SCTs and then just not add them to the tree. Doing so is a severe violation that, if detected, results in the disqualification of the log as per Chrome's CT policy. However, that does assume that someone notices the presence of an unfulfilled SCT. Various parties run monitors for this, Chrome included, but the more parties you distrust, the more difficult it gets to keep up any trust chain.

7 Likes

Probably just hoping to make some revenue. ZeroSSL are kind of similar in that they are free up to a point. If they can provide enough basic features (wildcard etc.) there are orgs who will very happily pay, if they can also get support.

Looks like they (partially) have new owners who probably want to make their investment work: Tietoevry divesting its 50% ownership in Buypass AS

4 Likes

It's refreshing to see them update the name from SSL to TLS. And they've even replaced "SSL" on their marketing pages with "SSL/TLS"! :clap:

4 Likes

IIRC, totally new owners. Two NO companies each owned 50% stock, and sold to a NL Holding company, which is a wholly owned subsidiary of a CA Holding Company.

5 Likes

What about ZeroSSL? Where are they really?

ZeroSSL GmbH
Salzgries 19/3+4
1010 Vienna
Austria

2 Likes

The fact that ZeroSSL is in Austria doesn't mean anything, as they do not issue any certificates. They are not a CA, but a reseller using a white labeled intermediate CA by Sectigo. Sectigo owns the keys.

6 Likes

3 Likes

AFAIK, the location of the servers themselves doesn't matter. What matters is whether the company is incorporated in the US.

In order to be truly safe from searches from US authorities, you'd need to find a non-US CA with non-US infrastructure. There are many CAs satisfying this requirement, just not free ones.

Tinfoil on.
In practice, if the CA was compelled to lie/falsify/etc. a certificate or CT entry, that would be an instant kiss-of-death for the business, discovered relatively quickly by the CA/B community, and that CA would be distrusted within days. Even three-letter agencies are not so stupid as to burn an important intelligence source for short-term gain.
Tinfoil off.

Prior art:

  • DigiNotar - hackers stole private root key, and they got distrusted within 24-ish hours
  • WoSign/StartSSL - they deliberately lied about bypassing rules and secret sale, got distrusted after extensive investigation
  • Lavabit - the U.S. government demanded that Lavabit provide the SSL private keys for its service; the service shut down rather than expose customers after being served a National Security Letter
  • Apple Advanced Data Protection - UK asked for a backdoor; Apple refused and instead disabled the feature in the UK

3 Likes

For clarity below, assume EU means any non-US country:

An EU company on EU soil would be protected by EU laws, and US Government requests would be subject to treaty obligations.

A US company on EU soil would still have to comply with, and be protected by, EU laws; any US Government requests would still be subject to treaty obligations.

In both those cases, if the company were served National Security Letters, they could defer to EU courts. Most importantly - US Agents would also not be able to unilaterally force access or compel silence/specific action on overseas soil. US Agents can do that to any facility and company on US soil - that is my primary concern.

I am not concerned with legitimate government requests and actions that play out through courts. I will note there was a (seemingly government backed) MITM attack that occurred on the Linode network with LetsEncrypt certs last year regarding jabber.ru - though that likely did not include any performance by the CA.*

I am less concerned with CAs being compelled to issue false certs per se - though I do think it is practical for government agencies to simultaneously compel a CA and CT Logs. I think it's more likely they would compel access to copy the root keys and intermediates, and might later compel CT logs as needed.

High level officials in the US Defense Department and National Security Agency recently used the Signal app to discuss war plans, and inadvertently included a journalist. I think that's the exact kind of stupid that would attempt something like this; it is also coupled with the current culture in those agencies of unilateral executive theory.

Multiple friends and professional colleagues have been sued and harassed by current US officials over the past 9 years. Perhaps I have a tinfoil hat on, but technical avenues to exploit the current trust system exist, legal avenues to hide the exploits exist, and the current US government is neither focused on stability nor lawfulness.

* I am starting to think there might be a utility in monitoring SSL cert fingerprints from multiple vantage points to detect any changes, and possibly automatically publish them to DNS records as well as part of the deployment process. Are there any systems that monitor DANE records?

2 Likes

This is an interesting observation, but I'm not a lawyer to be able to continue discussion in that direction.

Since the attacker could MITM the server at the network level, they could also "prove" domain ownership by completing HTTP-01 validation. Let's Encrypt is not at fault here; they likely were a handy tool to get a cert quickly. A stricter CAA record value would help, but once again you need to trust your DNS provider.

What could such compulsion look like?

CAs might be compelled to issue a fake cert, but without a CT entry it won't be accepted by browsers. So you need an SCT (either embedded in the cert, or provided at connection time).

A CT log promises to incorporate the SCT in the log within a certain amount of time (usually 24 hours). If it is not there by that time, that is a breach of SLA (it ends up with a ban from browsers). You might also want to remove a CT entry from the existing log. The CT protocol is designed to be append-only (logs are blockchain-like). So, the edit would be easily discovered (it ends up with a ban from browsers, in addition to severe reputational damage for a log operator).

I don't see a way to silently do MITM with a publicly trusted cert in the year 2025 without leaving a trace. Monitoring CT seems to be the best way to safeguard against surveillance if you are concerned about various agencies.

2 Likes
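Added example, not part of any post in this thread: the audit that the posts about unfulfilled SCTs and the 24-hour merge window rely on, written as a Merkle inclusion-proof check in the style of RFC 6962 / RFC 9162. The log entries, the `WITHHELD` certificate and the function names are constructed for illustration, and verifying the tree head's signature is left out.

```python
import hashlib

MMD_SECONDS = 24 * 3600  # merge window; "usually 24 hours" per the thread

def h(prefix, *parts):  # RFC 6962: prefix 0x00 = leaf, 0x01 = interior node
    return hashlib.sha256(prefix + b"".join(parts)).digest()

def split(n):
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two below n

def tree_head(entries):
    if len(entries) <= 1:  # single leaf, or SHA-256("") for the empty tree
        return h(b"\x00" if entries else b"", *entries)
    k = split(len(entries))
    return h(b"\x01", tree_head(entries[:k]), tree_head(entries[k:]))

def audit_path(index, entries):  # log side: sibling hashes from leaf to root
    if len(entries) <= 1:
        return []
    k = split(len(entries))
    if index < k:
        return audit_path(index, entries[:k]) + [tree_head(entries[k:])]
    return audit_path(index - k, entries[k:]) + [tree_head(entries[:k])]

def verify_inclusion(entry, index, tree_size, path, root):
    # Auditor side: inclusion-proof check from RFC 9162 section 2.1.3.2
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, h(b"\x00", entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = h(b"\x01", p, r)
            while fn and not fn & 1:  # skip levels with no right sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = h(b"\x01", r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def sct_status(entry, sct_time, now, proof, sth):
    # proof is (leaf_index, path) or None; sth is (tree_size, root_hash)
    if proof and verify_inclusion(entry, proof[0], sth[0], proof[1], sth[1]):
        return "included"
    return "pending" if now - sct_time <= MMD_SECONDS else "unfulfilled"

LOG = [b"constructed-cert-%d" % i for i in range(7)]  # constructed sample log
STH = (len(LOG), tree_head(LOG))  # tree head; signature check omitted
WITHHELD = b"constructed-cert-withheld"  # got an SCT, never merged
```

An `"unfulfilled"` result is the evidence a monitor needs: an SCT older than the merge window for which the log cannot produce a proof that verifies against its own tree head.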

Not sure, and that's quite a big conversation that includes the CLOUD act and GDPR, the late EU-US Privacy Shield and more (like the relationship between the mostly Irish companies that serve Europe and the American mothership).

But that's not the main issue. Laws only matter if rule of law is in effect. And when it comes to cryptography we have never liked stuff that works because of laws instead of math.

2 Likes