I will stick to Let's Encrypt. ZeroSSL free plan is too limited. No able to issue wildcard certs. Only 3 regular certificates per account (e-mail). I wonder what's the reason behind the scenes for acme.sh to replace it's long back working default Let's Encrypt CA to ZeroSSL CA.
I vote WordOps to set Let's Encrypt CA default on first install.
I just found out "apilayer (Idera, Inc.) has acquired both, ZeroSSL and acme.sh a while ago". I've also found out certificates issued using ACME protocol (and thus acme.sh) are unlimited, even on free plan (including wildcard certificates).
I am now unsure what would be the better path for WordOps to follow...