Recently I wrote an article on why you should lock down your website certificates. Oddly, has been around since late 2013 and not very well know, although recently has been gaining traction in this realm.
Full article is on LinkedIn: https://www.linkedin.com/pulse/locking-down-website-certificates-kenneth-springer-6qoqc/?trackingId=JD7YUS7nQqmSVpYu493pTQ%3D%3D
