
Trouble at Linux Mint — and beyond

Posted Feb 27, 2016 0:01 UTC (Sat) by mcatanzaro (subscriber, #93033)
In reply to: Trouble at Linux Mint — and beyond by giraffedata
Parent article: Trouble at Linux Mint — and beyond

Kind of, the tech is mostly in place, it's just not widely used yet. If you use HSTS on your server (no excuse for not doing so, but few sites do), and your users use a browser that checks certificate transparency logs (Chrome only right now, Firefox is working on it last I heard), and you have some automated notification when rogue certs for your domain appear in the log (I haven't heard anything about this, it's probably the missing link), then there's no way this could happen (unless the user has never visited your site before, or not for such a long time as for the HSTS policy to expire).

I expect most of the above will be widely deployed in the next five years or so, and we'll all be safer for it. In the meantime....
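The comment above names automated notification of rogue certificates in a certificate transparency log as the missing link. The following is an added example of that check, not part of the original comment and not code from any CT project. The log entry fields, the watched domain, the issuer names and the fingerprints are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical, simplified record; real CT log entries carry full certificates.
@dataclass(frozen=True)
class LogEntry:
    dns_names: tuple
    issuer: str
    fingerprint: str  # placeholder label, not a real hash

WATCHED = "example.org"                     # assumed domain being monitored
KNOWN_FINGERPRINTS = {"fp-legit-2016"}      # assumed inventory of certs we requested
EXPECTED_ISSUERS = {"Example Trusted CA"}   # assumed CA we normally use

def covers(name, domain):
    """True if a certificate name (wildcard or not) falls under domain."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Compare on a label boundary so "notexample.org" does not match.
    return name == domain or name.endswith("." + domain)

def rogue_entries(entries, domain=WATCHED):
    """Return (entry, reason) for logged certs naming our domain that we did not request."""
    alerts = []
    for e in entries:
        if not any(covers(n, domain) for n in e.dns_names):
            continue  # certificate is for someone else's names
        if e.fingerprint in KNOWN_FINGERPRINTS:
            continue  # one of ours
        if e.issuer not in EXPECTED_ISSUERS:
            reason = "unexpected issuer"
        else:
            reason = "unknown certificate from expected issuer"
        alerts.append((e, reason))
    return alerts

# Constructed sample log contents.
SAMPLE_LOG = [
    LogEntry(("example.org", "www.example.org"), "Example Trusted CA", "fp-legit-2016"),
    LogEntry(("*.example.org",), "Other CA", "fp-x1"),
    LogEntry(("notexample.org",), "Other CA", "fp-x2"),
    LogEntry(("downloads.example.org",), "Example Trusted CA", "fp-x3"),
    LogEntry(("example.org.evil.test",), "Other CA", "fp-x4"),
]

if __name__ == "__main__":
    for entry, reason in rogue_entries(SAMPLE_LOG):
        print(f"ALERT {reason}: {entry.dns_names} issued by {entry.issuer}")
```
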



