hey I don’t make the trust rules. ZScaler is trash imo but hundreds of thousands of clients are ‘protected’ by their trust rules. People downvoting my post because it doesn’t wash with ‘the way things should be’ but in reality SSL certs are like email providers these days - if you aren’t paying with one of the big corps, a good portion of your web traffic (or email) might be blocked. Sad but true. There is a reason Let’s Encrypt and Cloudflare et al are heavily used by Crypto sites, and that is due to the anonymity they provide. If all you care about is encrypting traffic, use Let’s Encrypt. If you care at all about perception of trust, use paid SSL. simple.
we have Fortune 100 companies served with LetsEncrypt certs
these are subdomains of a verifiably certified root domain no doubt
‘ Control’ but not own, which leaves it open to criminal activity. In contrast, a SSL certificate authority will ask for multiple pieces of ID for corporate registrants including articles of incorporation.