Re: It affected me
I'm in a time zone where we have about 4 hours from open of business to revocation of cert (although it's now been extended, a bit). Fsck these guys with a pitchfork, sideways.
Although I feel for your problem, I'm afraid the fault is ultimately yours: you gave away your *private* key.
Your private key should never leave any system that you control. If you give it to someone else, then they are likely to do something stupid with it (like send it via E-mail, as we just saw), and you have no control over this.
If you allowed someone else to generate it for you on your behalf, then the same applies - especially if they are as stupid as Trustico and actually *kept* the private key, which they absolutely NEVER need.
Certificate generation should work like this:
1. You create a private key on YOUR server
2. You create a Certificate Signing Request, which contains the corresponding *public* key only
3. You send the CSR to your CA
4. The CA sends you back a certificate (which contains your public key, your domain name, an expiry date and serial number, and the CA's signature)
5. You install the certificate on your server, which hands it out to anyone who connects.
Your server will prove, to anyone who connects, that it owns the private key which corresponds to the public key in the certificate. The connecting client checks that the CA's signature is valid, that the expiry date hasn't passed, and that the serial number is not in any published revocation list - this is the bit which allows your certificate to be terminated before the expiry date, as is happening right now.
The critical point is that the private key is born, lives and dies on your server alone. If there's any backup copy it's one which you took yourself, and hold securely yourself.
My advice: take the free replacement certificates now, and then migrate to LetsEncrypt. It takes a bit of getting to grips with initially, but you get software which automates the whole key generation / CSR / signing process, and you get fresh certificates every 3 months, at no cost. The main reason they limit their certificate lifetime to 3 months is to make it essentially mandatory that you automate the whole process.
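The five-step flow described in the post, run with the openssl CLI, as an added example that is not the commenter's own code: the key is generated locally, the CSR is checked to contain only the public key before it is sent, a stand-in self-signed CA (constructed here, and given nothing but the CSR) issues a 90-day certificate, and the returned certificate is checked against the key you kept. The hostname and directories are constructed for illustration.

```shell
# Added example (not from the post): steps 1-5 done with the openssl CLI.
# Hostname, directories and the self-signed stand-in CA are constructed.
set -eu
# Step 1: the private key is created on YOUR server and stays in <dir>.
make_private_key() {                 # make_private_key <dir>
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/server.key" 2>/dev/null
}
# Step 2: the CSR carries the requested name and the *public* key only.
make_csr() {                         # make_csr <dir> <hostname>
    openssl req -new -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" 2>/dev/null
}
# Check before step 3: the file you send must contain no private key
# material at all, and its self-signature must verify.
csr_is_safe_to_send() {              # csr_is_safe_to_send <csr>
    ! grep -q "PRIVATE KEY" "$1" &&
        openssl req -in "$1" -noout -verify >/dev/null 2>&1
}
# Step 4 (stand-in CA): issue a 90-day cert from the CSR alone. The CA
# only ever receives server.csr; server.key never leaves <dir>.
ca_sign() {                          # ca_sign <cadir> <csr> <out-cert>
    if [ ! -f "$1/ca.key" ]; then    # bootstrap the throwaway CA once
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$1/ca.key" 2>/dev/null
        openssl req -x509 -new -key "$1/ca.key" -subj "/CN=Stand-in CA" \
            -days 3650 -out "$1/ca.crt" 2>/dev/null
    fi
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -out "$3" 2>/dev/null
}
# Step 5 check: the public key in the CSR or certificate must be exactly
# the one derived from the private key you kept.
pubkey_matches_key() {               # pubkey_matches_key <key> <csr|crt>
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    case "$2" in
        *.csr) other_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)     other_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    esac
    [ -n "$key_pub" ] && [ "$key_pub" = "$other_pub" ]
}
demo() {
    d=$(mktemp -d); ca=$(mktemp -d)
    make_private_key "$d" && make_csr "$d" www.example.com
    csr_is_safe_to_send "$d/server.csr" && ca_sign "$ca" "$d/server.csr" "$d/server.crt"
    pubkey_matches_key "$d/server.key" "$d/server.crt" && echo "cert matches kept key"
    rm -rf "$d" "$ca"
}
demo
```

The same `pubkey_matches_key` check is worth running on any replacement certificate before installing it, so you know it was issued for the key that only your server holds.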