A critical bug allowed attackers to get valid certificates if Icinga 2 runs with OpenSSL < 1.1.0 (e.g. on RHEL 7, Amazon Linux 2).
Fixed in: 2.14.6
And backported to: 2.13.12 and 2.12.12
Check your OpenSSL version with icinga2 --version | grep OpenSSL and update Icinga 2 now if affected.
Learn more about the issue here.