Let's Encrypt is conducting our annual mass-revocation simulation, as required by the Mozilla root program requirements.
The simulated issue is a theoretical missed baseline requirements change limiting authorization reuse to 10 days for DNS-01 authorizations, instead of the 30 we currently do.
We stopped issuance in staging yesterday as we worked on resolving a simulated authorization reuse issue, and re-enabled it once we'd "fixed" the issue.
We will soon proceed with revoking the "affected" certificates in staging.
We will not revoke any certificates in production.
Tomorrow, we will compute the "affected" certificates and add an ARI response telling clients to renew immediately for them, as we would do in a real incident. The ARI response will reference this post.