Sample size: 1236617 HTTPS sites from Cisco Umbrella and Alexa top1m (total of 1868635 sites but 632018 don't support HTTPS)
Distrusted in Firefox 60: 21089 but 7382 of those certs expire before 60 is released so only 13707 need action (1.1% of HTTPS sites, 0.73% of all sites)
Distrusted in Firefox 63: 155847 but 81198 of those certs expire before 63 is released