I reached out to Digicert at revoke@digicert.com. They responded almost immediately and directed me to Cloudflare's abuse report form, where I was met with a wall. Now I'm back to Digicert asking them to please revoke them.

Note that this isn't an urgent security situation, as the domain in question isn't in use currently. It's more of an annoyance, since the certs are valid for 1 year.

Certificates in question: https://crt.sh/?id=11447235791 https://crt.sh/?id=11447092451