Your platform provisions Let's Encrypt certificates automatically for customer custom domains. An engineer deployed a bug that caused the certificate provisioning service to retry failed ACME requests in a tight loop (no exponential backoff). Within 4 hours, the service burned through all 50 certificates for your wildcard domain for the week. New customers adding custom domains get HTTPS errors. Existing customers are unaffected.

What is your first action?