YubiCloud server certificates are obtained / renewed through AWS Certificate Manager (ACM) and issued by one of Amazon’s limited number of intermediate CAs, which chain to Amazon Trust Services root CA.
AWS announced starting October 8 that any public certificates obtained through ACM will be issued from one of its multiple intermediate CAs, which also chain to an existing Amazon Trust Services root CA. Since this root CA is trusted by default by most standard operating systems, most customers should not be impacted by this change. However, if you validate the YubiCloud server through pinned intermediate CA certificates, you will need to make an update to pin an Amazon Trust Services root CA instead. Yubico does not recommend certificate pinning to use YubiCloud. If however, your system requires the usage of pinned or hardcoded certificates, you will need to update that information per the AWS guideline linked below: