What an enormous cluster. Trustico asks Digicert to mass-revoke 50k certs, Digicert asks for proof of compromise, so Trustico emails 23k private keys (which they never should have had in the first place, but now are most certainly compromised). But yeah, trust the commercial CAs (and their resellers).
If there’s a lesson to be learned here (other than that a commercial CA doesn’t offer any better security than a free CA like Let’s Encrypt), it would seem to be this: the fewer parties that are involved in your cert issuance, the better.