A Chinese certificate authority issued a duplicate SSL certificate for GitHub domains without verifying ownership of the base domain. The certificate authority, named, issued a base certificate for the Github domains to an unnamed GitHub user. The incident was first publicly disclosed by British Mozilla programmer on Mozilla’s security policy mailing list. The CA authority has not yet revoked the GitHub certificate, despite revoking both the certificates, despite the fact you already have one purchased from another CA. If you find a fraud certificate issued for your domain, report respective CA and address it immediately.
Source: https://thehackernews.com/2016/08/github-ssl-certificate.html