This incident has been resolved.
Mar 17, 17:58 UTC
Today, we've discovered a hitherto unknown issue with the DNS-record validation process Symantec uses for their Encryption Everywhere API. It certainly has nothing to do with the recent changes made due to the CAB/F ballot 169. Rather, this problem has probably existed for some time. The issue occurs sporadically (due to incorrectly performed DNS caching) and prevents correct DNS validation in some cases. Our colleagues at Symantec are working hard to solve the problem as soon as possible. However, the deployment of a hotfix will probably take several days, due to Symantec's QA.
Mar 16, 10:00 UTC