D-Trust certificates now lose their validity due to errors

An unexpected Easter egg for IT administrators: Thousands of TLS certificates from Bundesdruckerei subsidiary D-Trust will no longer be valid on Easter Monday. Immediate replacement is essential to avoid widespread server failures.

Short-term certificate exchange necessary

D-Trust, a subsidiary of Bundesdruckerei, has to recall numerous TLS certificates at short notice. All certificates newly issued since March 15, 2026 are affected and must be replaced by administrators by Easter Monday, April 6, 2026, 5 p.m. The digital ID cards for websites and servers then lose their validity. If the certificates are not renewed in time, failures in encrypted connections on the Internet are possible. D-Trust supplies, among other things, parts of the telematics infrastructure in the healthcare sector and authorities with security certificates.

“Fomal error”

The short deadline over the Easter holidays leads to additional work in many IT departments, as in addition to websites, other services such as connections for mobile device management have to be converted. Like that Federal Office for Information Security (BSI) emphasizes, the recall is not related to a cyber attack. According to the authority, the cryptographic security of the certificates was guaranteed at all times. The trigger is a formal error in automated testing processes (linting), in which tools such as ZLint check certificates for compliance with industry standards before they are issued.

Threatening loss of trust

The underlying error was already noticed in mid-March 2026. Accordingly, several advance certificates issued exceeded the maximum permitted validity period of 200 days. These pre-certificates are recorded in so-called certificate transparency logs, a public protocol that is intended to make secret or incorrect certificate issuances visible. Violations of these requirements result in mandatory corrective measures. In order to cushion the impact on customers, D-Trust said it has set up continuous emergency support over the holidays. Special teams are supposed to help with the quick exchange of certificates and clarify technical questions. The incident shows how closely modern IT infrastructures are tied to international security standards: Even formal deviations can require extensive changes.