I agree. While I understand the user's dilemma and sympathize, there is a good case to be made that, in fact, such a certificate should not issue. If there's hesitation to seek the active permission of the domain holder, this suggests against issuance.