I was trying to explain that the existence of a certificate covering a particular name does not mean that that certificate will be used by a particular server that that name is pointed at. Because you own lab41.co, you are eligible to get a certificate for links.lab41.co (including a certificate that covers that name as well as other names). Certificates only work when they are installed (along with the corresponding private key) on servers. They have no effect just by existing, or just by being installed on other servers.
You could ask the people who run tracking.mailshake.com to install your links.lab41.co certificate (and private key, which you would have to give them as well), and if they did, it work, but they’re almost certainly not set up to do this kind of thing routinely—and they are the only ones who are in a position to do it.
A certificate doesn’t mean that a site or a connection to a site “is secure” in the abstract. For example, I can get a certificate for my own site and then not use HTTPS on my site at all. Then connections to my site are not secure, even though the certificate implies that maybe they would be under appropriate circumstances.
The certificate means that people who trust the certificate authority can accept that a particular encryption key really belongs to the person who runs that site. If that encryption key is not actually being used by the site, the certificate is totally irrelevant from the browser’s point of view, like if a health insurer wrote a letter pre-authorizing a subscriber to consult any physician in Zimbabwe, that would not actually cause the subscriber to travel to Zimbabwe to consult physicians, unless the subscriber also wanted to do so.
(Edit) Or, a more exact analogy might be:
I want my friend to be able to visit my secure data center, and I’m allowed to authorize people to do that, so I issue him an access card, which requires a PIN. I keep the access card in a drawer my office and don’t tell him the PIN.
Later on, my friend calls up and says “Hey, I heard you wanted me to go visit the data center?” and I reply “Of course, I’ve already issued you an access card, so you’re totally authorized to go there at any time!”.
He says “Well, I don’t actually have the access card.” and I say “The access card has your name on it, it lets you into the data center, and you’re totally authorized to go in to the data center whenever you want!”.