A bug in Let’s Encrypt’s certificate authority software caused some certificates to not be properly validated through Certificate Authority Authorization (CAA) configured for an associated domain. CAA is a security feature that allows domain administrators to create a DNS record that restricts the certificate authorities that are allowed to issue certificates for that particular domain. This caused certificates to be issued without the proper CAA checks for some domains. Tomorrow 3,048,289 currently-valid certificates will be revoked, 2.6% of their overall ~116 million active certificates.
Source: https://www.bleepingcomputer.com/news/security/lets-encrypt-to-revoke-3-million-tls-certificates-due-to-bug/