If the importance of solving this is in your opinion higher than the risk of something inconvenient happening, one trick you could try goes like this:
As I understand it, the certificates you actually use are from a different CA, while the Firebase certificates were issued by Let's Encrypt.
You may be able to tell your DNS provider (Cloudflare right?) to create a CAA record in DNS which says which Certificate Authorities are authorised to issue for your domain. This is effectively like a "No salesmen" sign on the property gate. It doesn't have force of law, but a legitimate outfit (such as Let's Encrypt) will obey it. You can write a CAA record that says your preferred issuer is allowed but Let's Encrypt is not.
When Firebase tries to get any new certificate, Let's Encrypt will tell them no, because it saw your CAA record when trying to issue.
Now, the risk is, I don't know what Firebase would do then. They might just not add your name to the certificate and not worry about it. But it might email you claiming there's a problem, it might even stop your service working. I guess hilariously (but still inconveniently) it might blow up service for all those other names listed with yours. None of this is your fault, you didn't want the certificate and are entitled to say so, but "I blew up my web site on a point of principle" isn't how most people want to spend the holiday season.